A highly critical flaw was found in VLC Media Player. The vulnerability allows attacker to compromise user’s system. The flaw is due to an error in „get_chunk_header()“ function in TiVo demuxer. It can be exploited to corrupt memory via crafted .TY file.
Flaw affects versions from 0.9.0 to 1.1.12.

Source: Secunia
21.12.2011