The readEncUInt30 function in util/read.c in libming 0.4.8 mishandles memory allocation. A crafted input will lead to a remote denial of service (NULL pointer dereference) attack against parser.c.
https://github.com/libming/libming/issues/85
https://lists.debian.org/debian-lts-announce/2017/11/msg00022.html