In Libav 12.3, there is a segmentation fault in vc1_decode_b_mb_intfr in vc1_block.c that allows an malicious user to cause denial-of-service via a crafted file.
libav libav 12.3