The avcodec_decode_audio4 function in utils.c in libavcodec in FFmpeg before 1.1.3 does not verify the decoding state before proceeding with certain skip operations, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via crafted audio data.
http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=8a6449167a6da8cb747cfe3502ae86ffaac2ed48