The avi_read_seek function in libavformat/avidec.c in FFmpeg prior to 3.1.4 allows remote malicious users to cause a denial of service (assert fault) via a crafted AVI file.
ffmpeg ffmpeg