The H.263 codec (libavcodec/h263dec.c) in FFmpeg 0.7.x before 0.7.12, 0.8.x before 0.8.11, and unspecified versions before 0.10, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1 has unspecified impact and attack vectors related to "width/height changing with frame threads."
http://www.mandriva.com/security/advisories?name=MDVSA-2013:079
http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=71db86d53b5c6872cea31bf714a1a38ec78feaba
http://git.libav.org/?p=libav.git%3Ba=commit%3Bh=71db86d53b5c6872cea31bf714a1a38ec78feaba