From From Hanno Bock hanno libvpx (webm library) has released a new version that fixes a crasher http://blog.webmproject.org/2012/01/vp8-codec-sdk-duclair-released.html VP8 Codec SDK "Duclair" Released Friday, January 27, 2012 | 6:31 PM "Duclair," the fourth named release of the VP8 Codec SDK (libvpx), is now available. You can download the Duclair libvpx snapshot (version 1.0.0) from our Downloads page or clone it from our Git repository. This release fixes a decoder crash bug introduced in Cayuga (v0.9.7), so we encourage all Cayuga users to upgrade.
Here is the code commit and other information: Code commit: http://code.google.com/p/webm/source/detail?r=9bf3bc9a729ddbc909c589b810a80e5be80c1083&repo=libvpx Original bugs: http://code.google.com/p/webm/issues/detail?id=371 https://bugzilla.mozilla.org/show_bug.cgi?id=696390
Statement: Not vulnerable. This issue did not affect the versions of libvpx as shipped with Red Hat Enterprise Linux 6.
Just as an FYI, we pushed 1.0.0 into all active Fedora targets as an update at the same time as Firefox 10.
Created libvpx tracking bugs for this issue Affects: fedora-16 [bug 789650]
Created libvpx tracking bugs for this issue Affects: epel-5 [bug 789651]
The issue was introduced in a later version than shipped with Red Hat Enterprise Linux 6.