The host is installed with VideoLAN VLC media player 0.5.0 before 1.0.6 and is prone to a null pointer dereference and application crash vulnerability. A flaw is present in the application, which fails to handle an empty location element in an XML Shareable Playlist Format (XSPF) document. Successful exploitation could allow attackers to crash the service or execute arbitrary code.