diff --git a/webp/decode.go b/webp/decode.go
index d6eefd5..e211c7d 100644
--- a/webp/decode.go
+++ b/webp/decode.go
@@ -39,6 +39,7 @@ func decode(r io.Reader, configOnly bool) (image.Image, image.Config, error) {
 alpha []byte
 alphaStride int
 wantAlpha bool
+ seenVP8X bool
 widthMinusOne uint32
 heightMinusOne uint32
 buf [10]byte
@@ -113,6 +114,10 @@ func decode(r io.Reader, configOnly bool) (image.Image, image.Config, error) {
 return m, image.Config{}, err
 
 case fccVP8X:
+ if seenVP8X {
+ return nil, image.Config{}, errInvalidFormat
+ }
+ seenVP8X = true
 if chunkLen != 10 {
 return nil, image.Config{}, errInvalidFormat
 }
diff --git a/webp/decode_test.go b/webp/decode_test.go
index ad65b10..00be03f 100644
--- a/webp/decode_test.go
+++ b/webp/decode_test.go
@@ -271,6 +271,14 @@ func TestDecodePartitionTooLarge(t *testing.T) {
 }
 }
 
+func TestDuplicateVP8X(t *testing.T) {
+ data := []byte{'R', 'I', 'F', 'F', 49, 0, 0, 0, 'W', 'E', 'B', 'P', 'V', 'P', '8', 'X', 10, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 'V', 'P', '8', 'X', 10, 0, 0, 0, 0x10, 0, 0, 0, 0, 0, 0, 0, 0, 0}
+ _, err := Decode(bytes.NewReader(data))
+ if err != errInvalidFormat {
+ t.Fatalf("unexpected error: want %q, got %q", errInvalidFormat, err)
+ }
+}
+
 func benchmarkDecode(b *testing.B, filename string) {
 data, err := ioutil.ReadFile("../testdata/blue-purple-pink-large." + filename + ".webp")
 if err != nil {
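Review bot: The new `if seenVP8X` guard under `case fccVP8X:` in webp/decode.go has no comment saying which invariant it enforces, so a later reader cannot tell that it is a structural rule applied to untrusted input rather than an incidental check. I would put `// A file may carry only one VP8X header; a repeat would change wantAlpha and the canvas size after earlier chunks were handled.` directly above the guard. The rest of the case body lies outside the hunk, so the effect of a repeated header on that state is inferred from the variables declared next to `seenVP8X` in the first hunk and should be confirmed before the comment is committed.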
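Review bot: The input in `TestDuplicateVP8X` is an unannotated byte literal, so the test does not show which property of the file must be rejected. A comment above `data` would fix that, for example `// RIFF/WEBP container holding two VP8X chunks of length 10; the second sets flags byte 0x10.` Separately, the failure message formats `err` with `%q`, which prints `%!q(<nil>)` if Decode wrongly succeeds; `t.Fatalf("unexpected error: want %v, got %v", errInvalidFormat, err)` reads cleanly in that case.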