listmp3.c in libming-dev 0.4.7 allows remote attackers to unspecified impact via a crafted mp3 file, which triggers an invalid left shift.