An issue was discovered in Libav 12.3. Division by zero in rangedecodeculshift in libavcodec/apedec.c allows remote attackers to cause a denial of service (application crash), as demonstrated by avconv.