rpm package
suse/libvpx&distro=SUSE Linux Enterprise Server 15 SP2-LTSS
pkg:rpm/suse/libvpx&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSS
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-5197 | — | < 1.6.1-150000.6.16.1 | 1.6.1-150000.6.16.1 | Jun 3, 2024 | There exists interger overflows in libvpx in versions prior to 1.14.1. Calling vpx_img_alloc() with a large value of the d_w, d_h, or align parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned vpx_image_t struct | ||
| CVE-2023-6349 | — | < 1.6.1-150000.6.16.1 | 1.6.1-150000.6.16.1 | May 27, 2024 | A heap overflow vulnerability exists in libvpx - Encoding a frame that has larger dimensions than the originally configured size with VP9 may result in a heap overflow in libvpx. We recommend upgrading to version 1.13.1 or above | ||
| CVE-2023-5217 | — | KEV | < 1.6.1-150000.6.11.1 | 1.6.1-150000.6.11.1 | Sep 28, 2023 | Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
- CVE-2024-5197Jun 3, 2024affected < 1.6.1-150000.6.16.1fixed 1.6.1-150000.6.16.1
There exists interger overflows in libvpx in versions prior to 1.14.1. Calling vpx_img_alloc() with a large value of the d_w, d_h, or align parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned vpx_image_t struct
- CVE-2023-6349May 27, 2024affected < 1.6.1-150000.6.16.1fixed 1.6.1-150000.6.16.1
A heap overflow vulnerability exists in libvpx - Encoding a frame that has larger dimensions than the originally configured size with VP9 may result in a heap overflow in libvpx. We recommend upgrading to version 1.13.1 or above
- affected < 1.6.1-150000.6.11.1fixed 1.6.1-150000.6.11.1
Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)