LinuxSecurity.com: It was discovered that libvorbis did not correctly handle certain malformed sound files. If a user were tricked into opening a specially crafted sound file with an application that uses libvorbis, an attacker could execute arbitrary code with the user's privileges.
More...