libvpx: buffer-overflow vulnerability

Users of libvpx please be advised of a buffer-overflow vulnerability that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (

USN-1015-1: [USN-1015-1] libvpx buffer-overflow vulnerability
Details follow:

Christoph Diehl discovered that libvpx did not properly perform bounds

checking. If an application using libvpx opened a specially crafted

WebM file, an attacker could cause a denial of service or possibly execute

code as the user invoking the program.