VYPR

Libvpx

by Webmproject

Source repositories

CVEs (10)

  • CVE-2010-4203CriNov 6, 2010
    risk 0.64cvss 9.8epss 0.05

    WebM libvpx (aka the VP8 Codec SDK) before 0.9.5, as used in Google Chrome before 7.0.517.44, allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via invalid frames.

  • CVE-2016-3881MedSep 11, 2016
    risk 0.36cvss 5.5epss 0.01

    The decoder_peek_si_internal function in vp9/vp9_dx_iface.c in libvpx in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 allows remote attackers to cause a denial of service (buffer over-read, and…

  • CVE-2019-9325Sep 27, 2019
    risk 0.01cvss epss 0.03

    In libvpx, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID:…

  • CVE-2019-9232Sep 27, 2019
    risk 0.01cvss epss 0.05

    In libvpx, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID:…

  • CVE-2026-1861Feb 3, 2026
    risk 0.00cvss epss 0.00

    Heap buffer overflow in libvpx in Google Chrome prior to 144.0.7559.132 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2024-5197Jun 3, 2024
    risk 0.00cvss epss 0.01

    There exists interger overflows in libvpx in versions prior to 1.14.1. Calling vpx_img_alloc() with a large value of the d_w, d_h, or align parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned…

  • CVE-2023-6349May 27, 2024
    risk 0.00cvss epss 0.00

    A heap overflow vulnerability exists in libvpx - Encoding a frame that has larger dimensions than the originally configured size with VP9 may result in a heap overflow in libvpx. We recommend upgrading to version 1.13.1 or above

  • CVE-2023-44488Sep 30, 2023
    risk 0.00cvss epss 0.02

    VP9 in libvpx before 1.13.1 mishandles widths, leading to a crash related to encoding.

  • CVE-2012-0823Feb 23, 2012
    risk 0.00cvss epss 0.03

    VP8 Codec SDK (libvpx) before 1.0.0 "Duclair" allows remote attackers to cause a denial of service (application crash) via (1) unspecified "corrupt input" or (2) by "starting decoding from a P-frame," which triggers an out-of-bounds read, related to "the clamping of motion…

  • CVE-2010-4489Dec 7, 2010
    risk 0.00cvss epss 0.01

    libvpx, as used in Google Chrome before 8.0.552.215 and possibly other products, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WebM video. NOTE: this vulnerability exists because of a regression.