VLC versions 2.2.1 and below suffer from an arbitrary pointer dereference vulnerability.
5729beee45859fa6c90c4ec59513f7ad8f788728b656de7ca5a61d5fed77f09c
Debian Linux Security Advisory 3342-1 - Loren Maggiore of Trail of Bits discovered that the 3GP parser of VLC, a multimedia player and streamer, could dereference an arbitrary pointer due to insufficient restrictions on a writable buffer. This could allow remote attackers to execute arbitrary code via crafted 3GP files.
a16d41b09a9384afe2a8b693f62e0412ecd3871bc6b7ef99bbf77ef482e96b20