rpm package

almalinux/libvpx-devel

pkg:rpm/almalinux/libvpx-devel

Vulnerabilities (10)

CVE	Sev	CVSS	KEV	Affected versions	Fixed in	Published	Description
CVE-2026-2447	Hig	8.8		< 1.7.0-13.el8_10	1.7.0-13.el8_10	Feb 16, 2026	Heap buffer overflow in libvpx. This vulnerability was fixed in Firefox 147.0.4, Firefox ESR 140.7.1, Firefox ESR 115.32.1, Thunderbird 140.7.2, and Thunderbird 147.0.2.
CVE-2025-5283		—		< 1.9.0-9.el9_6	1.9.0-9.el9_6	May 27, 2025	Use after free in libvpx in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
CVE-2024-5197		—		< 1.7.0-11.el8_10	1.7.0-11.el8_10	Jun 3, 2024	There exists interger overflows in libvpx in versions prior to 1.14.1. Calling vpx_img_alloc() with a large value of the d_w, d_h, or align parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned vpx_image_t struct
CVE-2023-6349		—		< 1.7.0-11.el8_10	1.7.0-11.el8_10	May 27, 2024	A heap overflow vulnerability exists in libvpx - Encoding a frame that has larger dimensions than the originally configured size with VP9 may result in a heap overflow in libvpx. We recommend upgrading to version 1.13.1 or above
CVE-2023-44488		—		< 1.7.0-10.el8_8.alma.1	1.7.0-10.el8_8.alma.1	Sep 30, 2023	VP9 in libvpx before 1.13.1 mishandles widths, leading to a crash related to encoding.
CVE-2023-5217		—	KEV	< 1.7.0-10.el8_8.alma.1	1.7.0-10.el8_8.alma.1	Sep 28, 2023	Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2019-9433		—		< 1.7.0-8.el8	1.7.0-8.el8	Sep 27, 2019	In libvpx, there is a possible information disclosure due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-
CVE-2019-9371		—		< 1.7.0-8.el8	1.7.0-8.el8	Sep 27, 2019	In libvpx, there is a possible resource exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-13278325
CVE-2019-9232		—		< 1.7.0-8.el8	1.7.0-8.el8	Sep 27, 2019	In libvpx, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-122
CVE-2019-2126		—		< 1.7.0-8.el8	1.7.0-8.el8	Aug 20, 2019	In ParseContentEncodingEntry of mkvparser.cc, there is a possible double free due to a missing reset of a freed pointer. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Version

CVE-2026-2447HigFeb 16, 2026
affected < 1.7.0-13.el8_10fixed 1.7.0-13.el8_10
Heap buffer overflow in libvpx. This vulnerability was fixed in Firefox 147.0.4, Firefox ESR 140.7.1, Firefox ESR 115.32.1, Thunderbird 140.7.2, and Thunderbird 147.0.2.
CVE-2025-5283May 27, 2025
affected < 1.9.0-9.el9_6fixed 1.9.0-9.el9_6
Use after free in libvpx in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
CVE-2024-5197Jun 3, 2024
affected < 1.7.0-11.el8_10fixed 1.7.0-11.el8_10
There exists interger overflows in libvpx in versions prior to 1.14.1. Calling vpx_img_alloc() with a large value of the d_w, d_h, or align parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned vpx_image_t struct
CVE-2023-6349May 27, 2024
affected < 1.7.0-11.el8_10fixed 1.7.0-11.el8_10
A heap overflow vulnerability exists in libvpx - Encoding a frame that has larger dimensions than the originally configured size with VP9 may result in a heap overflow in libvpx. We recommend upgrading to version 1.13.1 or above
CVE-2023-44488Sep 30, 2023
affected < 1.7.0-10.el8_8.alma.1fixed 1.7.0-10.el8_8.alma.1
VP9 in libvpx before 1.13.1 mishandles widths, leading to a crash related to encoding.
CVE-2023-5217KEVSep 28, 2023
affected < 1.7.0-10.el8_8.alma.1fixed 1.7.0-10.el8_8.alma.1
Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2019-9433Sep 27, 2019
affected < 1.7.0-8.el8fixed 1.7.0-8.el8
In libvpx, there is a possible information disclosure due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-
CVE-2019-9371Sep 27, 2019
affected < 1.7.0-8.el8fixed 1.7.0-8.el8
In libvpx, there is a possible resource exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-13278325
CVE-2019-9232Sep 27, 2019
affected < 1.7.0-8.el8fixed 1.7.0-8.el8
In libvpx, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-122
CVE-2019-2126Aug 20, 2019
affected < 1.7.0-8.el8fixed 1.7.0-8.el8
In ParseContentEncodingEntry of mkvparser.cc, there is a possible double free due to a missing reset of a freed pointer. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Version