CVE 2009-4640
Array index error in vorbis_dec.c in FFmpeg 0.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted Vorbis file that triggers an out-of-bounds read.
See the 
CVE page on Mitre.org
for more details.
