rpm package
suse/libvpx&distro=SUSE Manager Proxy 4.3
pkg:rpm/suse/libvpx&distro=SUSE%20Manager%20Proxy%204.3
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-5197 | — | < 1.11.0-150400.3.7.1 | 1.11.0-150400.3.7.1 | Jun 3, 2024 | There exists interger overflows in libvpx in versions prior to 1.14.1. Calling vpx_img_alloc() with a large value of the d_w, d_h, or align parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned vpx_image_t struct | ||
| CVE-2023-6349 | — | < 1.11.0-150400.3.7.1 | 1.11.0-150400.3.7.1 | May 27, 2024 | A heap overflow vulnerability exists in libvpx - Encoding a frame that has larger dimensions than the originally configured size with VP9 may result in a heap overflow in libvpx. We recommend upgrading to version 1.13.1 or above | ||
| CVE-2023-44488 | — | < 1.11.0-150400.3.7.1 | 1.11.0-150400.3.7.1 | Sep 30, 2023 | VP9 in libvpx before 1.13.1 mishandles widths, leading to a crash related to encoding. |
- CVE-2024-5197Jun 3, 2024affected < 1.11.0-150400.3.7.1fixed 1.11.0-150400.3.7.1
There exists interger overflows in libvpx in versions prior to 1.14.1. Calling vpx_img_alloc() with a large value of the d_w, d_h, or align parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned vpx_image_t struct
- CVE-2023-6349May 27, 2024affected < 1.11.0-150400.3.7.1fixed 1.11.0-150400.3.7.1
A heap overflow vulnerability exists in libvpx - Encoding a frame that has larger dimensions than the originally configured size with VP9 may result in a heap overflow in libvpx. We recommend upgrading to version 1.13.1 or above
- CVE-2023-44488Sep 30, 2023affected < 1.11.0-150400.3.7.1fixed 1.11.0-150400.3.7.1
VP9 in libvpx before 1.13.1 mishandles widths, leading to a crash related to encoding.