The vc1_decode_frame function in libavcodec/vc1dec.c in Libav 12.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file. https://nvd.nist.gov/vuln/detail/CVE-2017-17127