The host is installed with VideoLAN VLC media player 0.5.0 through 1.1.10, and is prone to a heap-based buffer overflow vulnerability. A flaw is present in the AVI_ChunkRead_strf function in libavi.c in the AVI demuxer in the application, which fails to sanitize user supplied input. Successful exploitation could allow an attacker to execute arbitrary code or crash the service.