Libavcodec in FFmpeg before 0.11 allows remote attackers to execute arbitrary code via a crafted QT file. https://nvd.nist.gov/vuln/detail/CVE-2012-5360