In Libav 12.3, there is a segmentation fault in vc1decodebmbintfr in vc1_block.c that allows an attacker to cause denial-of-service via a crafted file.