diff --git a/0001-vpx_codec_enc_init_multi-fix-double-free-on-init-fai.patch b/0001-vpx_codec_enc_init_multi-fix-double-free-on-init-fai.patch
new file mode 100644
index 0000000000000000000000000000000000000000..cfca466cb33fd7f775b5f124268199db5d475c64
--- /dev/null
+++ b/0001-vpx_codec_enc_init_multi-fix-double-free-on-init-fai.patch
@@ -0,0 +1,50 @@
+From 6fb5fdaca0938b50f7b19a6cab19df9af3d2b4c1 Mon Sep 17 00:00:00 2001
+From: zhuhongbo
+Date: Tue, 9 Dec 2025 13:13:05 +0800
+Subject: [PATCH] vpx_codec_enc_init_multi: fix double free on init failure
+
+---
+ vp8/vp8_cx_iface.c | 12 +++++++++++-
+ vpx/src/vpx_encoder.c | 3 +++
+ 2 files changed, 14 insertions(+), 1 deletion(-)
+
+diff --git a/vp8/vp8_cx_iface.c b/vp8/vp8_cx_iface.c
+index af6689fd9..ab74e360a 100644
+--- a/vp8/vp8_cx_iface.c
++++ b/vp8/vp8_cx_iface.c
+@@ -646,7 +646,17 @@ static vpx_codec_err_t vp8e_init(vpx_codec_ctx_t *ctx,
+ optr = vp8_create_compressor(&ctx->priv->alg_priv->oxcf);
+ 
+ if (!optr)
++ {
++ #if CONFIG_MULTI_RES_ENCODING
++ // Release ownership of mr_cfg->mr_low_res_mode_info on failure. This
++ // prevents ownership confusion with the caller and avoids a double
++ // free when vpx_codec_destroy() is called on this instance.
++ priv->oxcf.mr_total_resolutions = 0;
++ priv->oxcf.mr_encoder_id = 0;
++ priv->oxcf.mr_low_res_mode_info = NULL;
++ #endif
+ res = VPX_CODEC_MEM_ERROR;
++ }
+ else
+ ctx->priv->alg_priv->cpi = optr;
+ }
+ 
+diff --git a/vpx/src/vpx_encoder.c b/vpx/src/vpx_encoder.c
+index 1cf2dca69..4427efa2a 100644
+--- a/vpx/src/vpx_encoder.c
++++ b/vpx/src/vpx_encoder.c
+@@ -121,6 +121,9 @@ vpx_codec_err_t vpx_codec_enc_init_multi_ver(vpx_codec_ctx_t *ctx,
+ ctx->priv = NULL;
+ ctx->init_flags = flags;
+ ctx->config.enc = cfg;
++ // ctx takes ownership of mr_cfg.mr_low_res_mode_info if and only if
++ // this call succeeds. The first ctx entry in the array is
++ // responsible for freeing the memory.
+ res = ctx->iface->init(ctx, &mr_cfg);
+ 
+ if (res) {
+-- 
+2.49.0
+
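Review bot: The ownership hand-back in vp8e_init is applied only on the vp8_create_compressor() failure branch; if vp8e_init has earlier error returns after the multi-resolution fields have already been copied into priv->oxcf (the function starts before this hunk, so they are not visible here), those paths would still let vpx_codec_destroy() believe the instance owns mr_low_res_mode_info and the double free would survive, so they need the same three-line reset. The new lines write through `priv` while the adjacent context line addresses the same object as `ctx->priv->alg_priv`; presumably the two alias inside vp8e_init, but the hunk does not show that declaration, so it is worth confirming rather than assuming. The contract stated by the new comment in vpx_codec_enc_init_multi_ver holds only if the `if (res)` failure path that follows the hunk frees mr_cfg.mr_low_res_mode_info exactly once and does not also destroy an earlier, successfully initialised ctx entry that now owns it — that path is outside the hunk and should be checked against the comment. Stylistically, a braced `if` body paired with an unbraced `else` and preprocessor directives indented inside the block both depart from the surrounding libvpx style; I would brace both branches and keep `#if CONFIG_MULTI_RES_ENCODING` / `#endif` at column 0.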
diff --git a/libvpx.spec b/libvpx.spec
index 9b99173a15c4e3e9ac420c9b0635fae601a9da70..40724bc4580a667e8a7a16082e4ff7af0877ba37 100644
--- a/libvpx.spec
+++ b/libvpx.spec
@@ -6,7 +6,7 @@ Name: libvpx
 Summary: VP8 Video Codec SDK
 Version: %{majorver}.%{minorver}.%{tinyver}
 %global soversion %{version}
-Release: 8%{?dist}
+Release: 8%{?dist}.2
 License: BSD
 Group: System Environment/Libraries
 Source0: http://webm.googlecode.com/files/%{name}-v%{version}.tar.bz2
@@ -20,6 +20,7 @@ Patch4: 0001-vp8-fix-threading-issues.patch
 Patch5: 0001-CVE-2019-9232-Fix-OOB-memory-access-on-fuzzed-data.patch
 Patch6: 0002-CVE-2019-9433-VP8-Fix-use-after-free-in-postproc.patch
 Patch7: 0001-vp8_decode_frame-fix-oob-read-on-truncated-key-frame.patch
+Patch8: 0001-vpx_codec_enc_init_multi-fix-double-free-on-init-fai.patch
 URL: http://www.webmproject.org/tools/vp8-sdk/
 %ifarch %{ix86} x86_64
 BuildRequires: nasm
@@ -59,6 +60,7 @@ and decoder.
 %patch5 -p1 -b .0005
 %patch6 -p1 -b .0006
 %patch7 -p1 -b .0007
+%patch8 -p1 -b .fix-double-free-on-init-fai
 sed -i -e 's/^\(global .*\) PRIVATE$/\1/' $(find -name "*.asm")
 
 %build
@@ -186,6 +188,9 @@ popd
 %{_bindir}/*
 
 %changelog
+* Thu Dec 11 2025 zhuhongbo - 1.3.0-8.2
+- Fix double free on init failure
+
 * Wed Apr 15 2020 Taymans - 1.3.0-8
 - Fix for CVE-2020-0034
 - Resolves: rhbz#1823909