A vulnerability has been found and corrected in libvpx: VP8 Codec SDK before 1.0.0 Duclair allows remote attackers to cause a denial of service via unspecified corrupt input or by starting decoding from a P-frame, which triggers an out-of-bounds read, related to the clamping of motion vectors in SPLITMV blocks . The updated packages have been patched to correct this issue.