Christoph Diehl discovered that libvpx did not properly perform bounds checking. If an application using libvpx opened a specially crafted WebM file, an attacker could cause a denial of service or possibly execute code as the user invoking the program.