The mpc8_probe function in libavformat/mpc8.c in Libav 12.2 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted audio file. https://nvd.nist.gov/vuln/detail/CVE-2017-18245