A vulnerability was found in libvpx. A maliciously crafted media file allows remote attackers to execute arbitrary code or cause a denial of service.
Created compat-libvpx1 tracking bugs for this issue:
Affects: fedora-23 [bug 1318188]
Created libvpx tracking bugs for this issue:
Affects: fedora-all [bug 1318187]
Affects: epel-5 [bug 1318189]
There does not seem to be any technical details public about this issue. There is this Android security bulletin:
linking the following commits:
Apparently, the problem fixed is in the libwebm library embedded in libvpx. As libvpx versions in Red Hat Enterprise Linux 6 and 7 pre-date inclusion of libwebm in libvpx, they can not be affected by this issue. Similar applies to libvpx in EPEL-5 or compat-libvpx1 in Fedora.