Debian Linux Security Advisory 1939-1 – Lucas Adamski, Matthew Gregan, David Keeler, and Dan Kaminsky discovered that libvorbis, a library for the Vorbis general-purpose compressed audio codec, did not correctly handle certain malformed ogg files. An attacher could cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted .ogg file.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/82899/dsa-1939-1.txt
Source: https://packetstormsecurity.com/files/82899/Debian-Linux-Security-Advisory-1939-1.html