rpm package
opensuse/libvpx&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/libvpx&distro=openSUSE%20Tumbleweed
Vulnerabilities (12)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-5197 | — | < 1.14.1-1.1 | 1.14.1-1.1 | Jun 3, 2024 | There exists interger overflows in libvpx in versions prior to 1.14.1. Calling vpx_img_alloc() with a large value of the d_w, d_h, or align parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned vpx_image_t struct | ||
| CVE-2023-5217 | — | KEV | < 1.13.0-2.1 | 1.13.0-2.1 | Sep 28, 2023 | Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |
| CVE-2020-0034 | — | < 1.11.0-3.1 | 1.11.0-3.1 | Mar 10, 2020 | In vp8_decode_frame of decodeframe.c, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure if error correction were turned on, with no additional execution privileges needed. User interaction is not needed for e | ||
| CVE-2019-9433 | — | < 1.10.0-1.3 | 1.10.0-1.3 | Sep 27, 2019 | In libvpx, there is a possible information disclosure due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A- | ||
| CVE-2019-9371 | — | < 1.10.0-1.3 | 1.10.0-1.3 | Sep 27, 2019 | In libvpx, there is a possible resource exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-13278325 | ||
| CVE-2019-9325 | — | < 1.10.0-1.3 | 1.10.0-1.3 | Sep 27, 2019 | In libvpx, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-1120013 | ||
| CVE-2019-9232 | — | < 1.10.0-1.3 | 1.10.0-1.3 | Sep 27, 2019 | In libvpx, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-122 | ||
| CVE-2019-2126 | — | < 1.10.0-1.3 | 1.10.0-1.3 | Aug 20, 2019 | In ParseContentEncodingEntry of mkvparser.cc, there is a possible double free due to a missing reset of a freed pointer. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Version | ||
| CVE-2017-13194 | — | < 1.10.0-1.3 | 1.10.0-1.3 | Jan 12, 2018 | A vulnerability in the Android media framework (libvpx) related to odd frame width. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-64710201. | ||
| CVE-2017-0641 | Med | 5.5 | < 1.10.0-1.3 | 1.10.0-1.3 | Jun 14, 2017 | A remote denial of service vulnerability in libvpx in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, | |
| CVE-2016-2464 | Hig | 7.8 | < 1.6.0-2.1 | 1.6.0-2.1 | Jun 13, 2016 | libvpx in libwebm in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted mkv file, aka internal bug 23167726. | |
| CVE-2016-1621 | Cri | 9.8 | < 1.6.0-2.1 | 1.6.0-2.1 | Mar 12, 2016 | libvpx in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.0 before 2016-03-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, related to libwebm/mkvparser.cpp and other files, aka |
- CVE-2024-5197Jun 3, 2024affected < 1.14.1-1.1fixed 1.14.1-1.1
There exists interger overflows in libvpx in versions prior to 1.14.1. Calling vpx_img_alloc() with a large value of the d_w, d_h, or align parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned vpx_image_t struct
- affected < 1.13.0-2.1fixed 1.13.0-2.1
Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2020-0034Mar 10, 2020affected < 1.11.0-3.1fixed 1.11.0-3.1
In vp8_decode_frame of decodeframe.c, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure if error correction were turned on, with no additional execution privileges needed. User interaction is not needed for e
- CVE-2019-9433Sep 27, 2019affected < 1.10.0-1.3fixed 1.10.0-1.3
In libvpx, there is a possible information disclosure due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-
- CVE-2019-9371Sep 27, 2019affected < 1.10.0-1.3fixed 1.10.0-1.3
In libvpx, there is a possible resource exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-13278325
- CVE-2019-9325Sep 27, 2019affected < 1.10.0-1.3fixed 1.10.0-1.3
In libvpx, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-1120013
- CVE-2019-9232Sep 27, 2019affected < 1.10.0-1.3fixed 1.10.0-1.3
In libvpx, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-122
- CVE-2019-2126Aug 20, 2019affected < 1.10.0-1.3fixed 1.10.0-1.3
In ParseContentEncodingEntry of mkvparser.cc, there is a possible double free due to a missing reset of a freed pointer. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Version
- CVE-2017-13194Jan 12, 2018affected < 1.10.0-1.3fixed 1.10.0-1.3
A vulnerability in the Android media framework (libvpx) related to odd frame width. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-64710201.
- affected < 1.10.0-1.3fixed 1.10.0-1.3
A remote denial of service vulnerability in libvpx in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4,
- affected < 1.6.0-2.1fixed 1.6.0-2.1
libvpx in libwebm in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted mkv file, aka internal bug 23167726.
- affected < 1.6.0-2.1fixed 1.6.0-2.1
libvpx in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.0 before 2016-03-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, related to libwebm/mkvparser.cpp and other files, aka