"When parsing some MP4 (MPEG-4 Part 14) files, insufficient buffer size
might lead to corruption of the heap."
"If successful, it is unknown whether a malicious third party might be
able to trigger execution of arbitrary code. Successful exploitation of
this bug can crash the process of the media player."
"VLC media player 1.1.9 will address this issue. Patches for older
versions are available from the official VLC source code repositories."
As an immediate mitigation, the MP4 library can be disabled.