Security researcher Abhishek Arya (Inferno) of the Google
Chrome Security Team used the Address Sanitizer tool to discover two buffer
overflow issues in the Libvpx library used for WebM video when decoding a
malformed WebM video file. These buffer overflows result in potentially
exploitable crashes.
Improper Restriction of Operations within the Bounds of a Memory Buffer
description
The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.