USN-1087-1: libvpx vulnerability
11 March 2011
libvpx DOS bad read
Releases
Packages
- libvpx - VP8 video codec (development files)
Details
Chris Evans discovered that libvpx did not properly perform bounds
checking. If an application using libvpx opened a specially crafted WebM
file, an attacker could cause a denial of service.
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 10.10
This update uses a new upstream release, which includes additional bug
fixes. In general, a standard system update will make all the necessary
changes.