Libvpx
by Webmproject
Source repositories
CVEs (10)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2010-4203 | Cri | 0.64 | 9.8 | 0.05 | Nov 6, 2010 | WebM libvpx (aka the VP8 Codec SDK) before 0.9.5, as used in Google Chrome before 7.0.517.44, allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via invalid frames. | ||
| CVE-2016-3881 | Med | 0.36 | 5.5 | 0.01 | Sep 11, 2016 | The decoder_peek_si_internal function in vp9/vp9_dx_iface.c in libvpx in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 allows remote attackers to cause a denial of service (buffer over-read, and… | ||
| CVE-2019-9325 | 0.01 | — | 0.03 | Sep 27, 2019 | In libvpx, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID:… | |||
| CVE-2019-9232 | 0.01 | — | 0.05 | Sep 27, 2019 | In libvpx, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID:… | |||
| CVE-2026-1861 | 0.00 | — | 0.00 | Feb 3, 2026 | Heap buffer overflow in libvpx in Google Chrome prior to 144.0.7559.132 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2024-5197 | 0.00 | — | 0.01 | Jun 3, 2024 | There exists interger overflows in libvpx in versions prior to 1.14.1. Calling vpx_img_alloc() with a large value of the d_w, d_h, or align parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned… | |||
| CVE-2023-6349 | 0.00 | — | 0.00 | May 27, 2024 | A heap overflow vulnerability exists in libvpx - Encoding a frame that has larger dimensions than the originally configured size with VP9 may result in a heap overflow in libvpx. We recommend upgrading to version 1.13.1 or above | |||
| CVE-2023-44488 | 0.00 | — | 0.02 | Sep 30, 2023 | VP9 in libvpx before 1.13.1 mishandles widths, leading to a crash related to encoding. | |||
| CVE-2012-0823 | 0.00 | — | 0.03 | Feb 23, 2012 | VP8 Codec SDK (libvpx) before 1.0.0 "Duclair" allows remote attackers to cause a denial of service (application crash) via (1) unspecified "corrupt input" or (2) by "starting decoding from a P-frame," which triggers an out-of-bounds read, related to "the clamping of motion… | |||
| CVE-2010-4489 | 0.00 | — | 0.01 | Dec 7, 2010 | libvpx, as used in Google Chrome before 8.0.552.215 and possibly other products, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WebM video. NOTE: this vulnerability exists because of a regression. |
- risk 0.64cvss 9.8epss 0.05
WebM libvpx (aka the VP8 Codec SDK) before 0.9.5, as used in Google Chrome before 7.0.517.44, allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via invalid frames.
- risk 0.36cvss 5.5epss 0.01
The decoder_peek_si_internal function in vp9/vp9_dx_iface.c in libvpx in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 allows remote attackers to cause a denial of service (buffer over-read, and…
- CVE-2019-9325Sep 27, 2019risk 0.01cvss —epss 0.03
In libvpx, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID:…
- CVE-2019-9232Sep 27, 2019risk 0.01cvss —epss 0.05
In libvpx, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID:…
- CVE-2026-1861Feb 3, 2026risk 0.00cvss —epss 0.00
Heap buffer overflow in libvpx in Google Chrome prior to 144.0.7559.132 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2024-5197Jun 3, 2024risk 0.00cvss —epss 0.01
There exists interger overflows in libvpx in versions prior to 1.14.1. Calling vpx_img_alloc() with a large value of the d_w, d_h, or align parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned…
- CVE-2023-6349May 27, 2024risk 0.00cvss —epss 0.00
A heap overflow vulnerability exists in libvpx - Encoding a frame that has larger dimensions than the originally configured size with VP9 may result in a heap overflow in libvpx. We recommend upgrading to version 1.13.1 or above
- CVE-2023-44488Sep 30, 2023risk 0.00cvss —epss 0.02
VP9 in libvpx before 1.13.1 mishandles widths, leading to a crash related to encoding.
- CVE-2012-0823Feb 23, 2012risk 0.00cvss —epss 0.03
VP8 Codec SDK (libvpx) before 1.0.0 "Duclair" allows remote attackers to cause a denial of service (application crash) via (1) unspecified "corrupt input" or (2) by "starting decoding from a P-frame," which triggers an out-of-bounds read, related to "the clamping of motion…
- CVE-2010-4489Dec 7, 2010risk 0.00cvss —epss 0.01
libvpx, as used in Google Chrome before 8.0.552.215 and possibly other products, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WebM video. NOTE: this vulnerability exists because of a regression.