The pcm_encode_frame function in libavcodec/pcm.c in Libav 12.2 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted media file. https://nvd.nist.gov/vuln/detail/CVE-2017-18246