libvpx.so is vulnerable information disclosure. A lack of proper validation of data length in the function vp8_decode_frame
of decodeframe.c
leads to an out-of-bound reads during the reading of frames, allowing a user without no additional privilege to disclose information if error correction mode is on.