Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Libvpx
(Webmproject)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 6 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2024-05-27 | CVE-2023-6349 | A heap overflow vulnerability exists in libvpx - Encoding a frame that has larger dimensions than the originally configured size with VP9 may result in a heap overflow in libvpx. We recommend upgrading to version 1.13.1 or above | Libvpx | 7.5 | ||
| 2024-06-03 | CVE-2024-5197 | There exists interger overflows in libvpx in versions prior to 1.14.1. Calling vpx_img_alloc() with a large value of the d_w, d_h, or align parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned vpx_image_t struct may be invalid. Calling vpx_img_wrap() with a large value of the d_w, d_h, or stride_align parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned... | Debian_linux, Libvpx | 9.1 | ||
| 2023-09-28 | CVE-2023-5217 | Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | Ipad_os, Iphone_os, Debian_linux, Fedora, Chrome, Edge, Edge_chromium, Firefox, Thunderbird, Enterprise_linux, Libvpx | 8.8 | ||
| 2023-09-30 | CVE-2023-44488 | VP9 in libvpx before 1.13.1 mishandles widths, leading to a crash related to encoding. | Debian_linux, Fedora, Enterprise_linux, Libvpx | 7.5 | ||
| 2010-11-06 | CVE-2010-4203 | WebM libvpx (aka the VP8 Codec SDK) before 0.9.5, as used in Google Chrome before 7.0.517.44, allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via invalid frames. | Chrome, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation, Libvpx | 9.8 | ||
| 2012-02-23 | CVE-2012-0823 | VP8 Codec SDK (libvpx) before 1.0.0 "Duclair" allows remote attackers to cause a denial of service (application crash) via (1) unspecified "corrupt input" or (2) by "starting decoding from a P-frame," which triggers an out-of-bounds read, related to "the clamping of motion vectors in SPLITMV blocks". | Libvpx | N/A |