M-Player 0.4 allows remote attackers to cause a denial of service (crash) via a crafted MP3 file.