Key Information Title: WebRTC: Potential Use-after-free in VP8 Block Decoding (MFQE feature) Type: Vulnerability Priority: P1 Severity: S1 Status: Fixed Reporter: ey....@gmail.com Date: Dec 9, 2018 05:14PM Related Links: Use-after-free vulnerability in VP8 decoding Issue Description UserAgent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.110 Safari/537.36 Reproduction: The MFQE feature in VP8 block decoding (WebRTC) never works due to a bug. If it were to work, it would result in a Use-after-free vulnerability. Expected Behavior: The MFQE feature should function correctly and, once activated, should not introduce any vulnerabilities. Root Cause: libvpx has duplicate declarations in configuration flags, preventing the MFQE feature from working properly. Code Issue First declaration in : Second declaration in : Related People Assignee: jl...@chromium.org CC: - ab...@google.com - ey...@gmail.com - jz...@chromium.org - ma...@chromium.org - pa...@chromium.org