This seems utterly pointless to worry about. You're fucked either way if you trust VLC.

Care to elaborate?

	▲	bzzzt 16 minutes ago \| parent [-]
		Look at the supported formats lists. It includes so many parsers, mostly written in C, which means there probably are a few dozen ways to exploit the player.