Chris Evans discovered that the GStreamer 1.0 plugin used to decode
files in the FLIC format allowed execution of arbitrary code. Further
details can be found in his advisory at
https://scarybeastsecurity.blogspot.de/2016/11/0day-exploit-advancing-exploitation.html