Opus 1.0.2 fixes an out-of-bounds read that could be triggered by a malicious Opus packet causing an integer wrap-around in the padding code. Considering that the packet would have to be at least 16 MB in size and that no out-of-bounds write is possible, the severity is very low. Other changes include fixes and improvements to the PLC and hybrid mode quality improvements. As usual, this release is fully compliant with the Opus specification.
Source code: opus-1.0.2.tar.gz