rpm package
opensuse/libvpx&distro=openSUSE Leap 15.5
pkg:rpm/opensuse/libvpx&distro=openSUSE%20Leap%2015.5
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-5197 | — | < 1.11.0-150400.3.7.1 | 1.11.0-150400.3.7.1 | Jun 3, 2024 | There exists interger overflows in libvpx in versions prior to 1.14.1. Calling vpx_img_alloc() with a large value of the d_w, d_h, or align parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned vpx_image_t struct | ||
| CVE-2023-6349 | — | < 1.11.0-150400.3.7.1 | 1.11.0-150400.3.7.1 | May 27, 2024 | A heap overflow vulnerability exists in libvpx - Encoding a frame that has larger dimensions than the originally configured size with VP9 may result in a heap overflow in libvpx. We recommend upgrading to version 1.13.1 or above | ||
| CVE-2023-44488 | — | < 1.11.0-150400.3.7.1 | 1.11.0-150400.3.7.1 | Sep 30, 2023 | VP9 in libvpx before 1.13.1 mishandles widths, leading to a crash related to encoding. | ||
| CVE-2023-5217 | — | KEV | < 1.11.0-150400.3.3.1 | 1.11.0-150400.3.3.1 | Sep 28, 2023 | Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
- CVE-2024-5197Jun 3, 2024affected < 1.11.0-150400.3.7.1fixed 1.11.0-150400.3.7.1
There exists interger overflows in libvpx in versions prior to 1.14.1. Calling vpx_img_alloc() with a large value of the d_w, d_h, or align parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned vpx_image_t struct
- CVE-2023-6349May 27, 2024affected < 1.11.0-150400.3.7.1fixed 1.11.0-150400.3.7.1
A heap overflow vulnerability exists in libvpx - Encoding a frame that has larger dimensions than the originally configured size with VP9 may result in a heap overflow in libvpx. We recommend upgrading to version 1.13.1 or above
- CVE-2023-44488Sep 30, 2023affected < 1.11.0-150400.3.7.1fixed 1.11.0-150400.3.7.1
VP9 in libvpx before 1.13.1 mishandles widths, leading to a crash related to encoding.
- affected < 1.11.0-150400.3.3.1fixed 1.11.0-150400.3.3.1
Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)