VYPR
Vendor

Webmproject

Products
3
CVEs
25
Across products
25
Status
Private

Products

3

Recent CVEs

25
View all 25 CVEs →
  • CVE-2018-6548CriFeb 2, 2018
    risk 0.64cvss 9.8epss 0.01

    A use-after-free issue was discovered in libwebm through 2018-02-02. If a Vp9HeaderParser was initialized once before, its property frame_ would not be changed because of code in vp9parser::Vp9HeaderParser::SetFrame. Its frame_ could be freed while the corresponding pointer…

  • CVE-2010-4203CriNov 6, 2010
    risk 0.64cvss 9.8epss 0.05

    WebM libvpx (aka the VP8 Codec SDK) before 0.9.5, as used in Google Chrome before 7.0.517.44, allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via invalid frames.

  • CVE-2016-3881MedSep 11, 2016
    risk 0.36cvss 5.5epss 0.01

    The decoder_peek_si_internal function in vp9/vp9_dx_iface.c in libvpx in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 allows remote attackers to cause a denial of service (buffer over-read, and…

  • CVE-2016-9085LowFeb 3, 2017
    risk 0.21cvss 3.3epss 0.00

    Multiple integer overflows in libwebp allows attackers to have unspecified impact via unknown vectors.

  • CVE-2019-9325Sep 27, 2019
    risk 0.01cvss epss 0.03

    In libvpx, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID:…

  • CVE-2019-9232Sep 27, 2019
    risk 0.01cvss epss 0.05

    In libvpx, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID:…

  • CVE-2026-1861Feb 3, 2026
    risk 0.00cvss epss 0.00

    Heap buffer overflow in libvpx in Google Chrome prior to 144.0.7559.132 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2024-5197Jun 3, 2024
    risk 0.00cvss epss 0.01

    There exists interger overflows in libvpx in versions prior to 1.14.1. Calling vpx_img_alloc() with a large value of the d_w, d_h, or align parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned…

  • CVE-2023-6349May 27, 2024
    risk 0.00cvss epss 0.00

    A heap overflow vulnerability exists in libvpx - Encoding a frame that has larger dimensions than the originally configured size with VP9 may result in a heap overflow in libvpx. We recommend upgrading to version 1.13.1 or above

  • CVE-2023-44488Sep 30, 2023
    risk 0.00cvss epss 0.02

    VP9 in libvpx before 1.13.1 mishandles widths, leading to a crash related to encoding.

  • CVE-2023-1999Jun 20, 2023
    risk 0.00cvss epss 0.01

    There exists a use after free/double free in libwebp. An attacker can use the ApplyFiltersAndEncode() function and loop through to free best.bw and assign best = trial pointer. The second loop will then return 0 because of an Out of memory error in VP8 encoder, the pointer is…

  • CVE-2018-25014May 21, 2021
    risk 0.00cvss epss 0.02

    A use of uninitialized value was found in libwebp in versions before 1.0.1 in ReadSymbol().

  • CVE-2018-25011May 21, 2021
    risk 0.00cvss epss 0.03

    A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in PutLE16().

  • CVE-2018-25010May 21, 2021
    risk 0.00cvss epss 0.02

    A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in ApplyFilter().

  • CVE-2018-25009May 21, 2021
    risk 0.00cvss epss 0.02

    A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in GetLE16().

  • CVE-2020-36332May 21, 2021
    risk 0.00cvss epss 0.02

    A flaw was found in libwebp in versions before 1.0.1. When reading a file libwebp allocates an excessive amount of memory. The highest threat from this vulnerability is to the service availability.

  • CVE-2020-36331May 21, 2021
    risk 0.00cvss epss 0.02

    A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkAssignData. The highest threat from this vulnerability is to data confidentiality and to the service availability.

  • CVE-2020-36330May 21, 2021
    risk 0.00cvss epss 0.02

    A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkVerifyAndAssign. The highest threat from this vulnerability is to data confidentiality and to the service availability.

  • CVE-2020-36329May 21, 2021
    risk 0.00cvss epss 0.02

    A flaw was found in libwebp in versions before 1.0.1. A use-after-free was found due to a thread being killed too early. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

  • CVE-2020-36328May 21, 2021
    risk 0.00cvss epss 0.03

    A flaw was found in libwebp in versions before 1.0.1. A heap-based buffer overflow in function WebPDecodeRGBInto is possible due to an invalid check for buffer size. The highest threat from this vulnerability is to data confidentiality and integrity as well as system…