Errata overview
Errata ID 634
Date 2020-06-24
Source package vlc
Fixed in version 3.0.11-0+deb9u1
This update addresses the following issue:
* A heap-based buffer overflow in the hxxx_AnnexB_to_xVC function in
  modules/packetizer/hxxx_nal.c in VideoLAN VLC media player before 3.0.11
  for macOS/iOS allows remote attackers to cause a denial of service
  (application crash) or execute arbitrary code via a crafted H.264 Annex-B
  video (.avi for example) file. (CVE-2020-13428)
Additional notes
CVE ID CVE-2020-13428
UCS Bug number #51544