Search CVE reports
1 – 10 of 17 results
CVE-2024-5197
Medium prioritySome fixes available 4 of 7
There exists interger overflows in libvpx in versions prior to 1.14.1. Calling vpx_img_alloc() with a large value of the d_w, d_h, or align parameter may result in integer overflows in the calculations of buffer sizes and offsets...
1 affected package
libvpx
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libvpx | Fixed | Fixed | Fixed | Needs evaluation | Needs evaluation |
CVE-2023-6349
Medium prioritySome fixes available 6 of 7
A heap overflow vulnerability exists in libvpx - Encoding a frame that has larger dimensions than the originally configured size with VP9 may result in a heap overflow in libvpx. We recommend upgrading to version 1.13.1 or above
1 affected package
libvpx
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libvpx | Not affected | Fixed | Fixed | Fixed | Fixed |
CVE-2023-44488
Medium prioritySome fixes available 9 of 23
VP9 in libvpx before 1.13.1 mishandles widths, leading to a crash related to encoding.
10 affected packages
chromium-browser, firefox, libvpx, mozjs102, mozjs38...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
chromium-browser | Not affected | Not affected | Not affected | Ignored | Ignored |
firefox | Not affected | Not affected | Fixed | Ignored | Ignored |
libvpx | Fixed | Fixed | Fixed | Fixed | Fixed |
mozjs102 | Ignored | Ignored | Not in release | Not in release | Not in release |
mozjs38 | Not in release | Not in release | Not in release | Ignored | Not in release |
mozjs52 | Not in release | Not in release | Ignored | Ignored | Not in release |
mozjs68 | Not in release | Not in release | Ignored | Not in release | Not in release |
mozjs78 | Not in release | Ignored | Not in release | Not in release | Not in release |
mozjs91 | Not in release | Ignored | Not in release | Not in release | Not in release |
thunderbird | Not affected | Not affected | Not affected | Ignored | Ignored |
CVE-2023-5217
High prioritySome fixes available 12 of 25
Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
10 affected packages
chromium-browser, firefox, libvpx, mozjs102, mozjs38...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
chromium-browser | Not affected | Not affected | Not affected | Ignored | Ignored |
firefox | Not affected | Not affected | Fixed | Ignored | Ignored |
libvpx | Not affected | Fixed | Fixed | Fixed | Fixed |
mozjs102 | Ignored | Ignored | Not in release | Not in release | Not in release |
mozjs38 | Not in release | Not in release | Not in release | Ignored | Not in release |
mozjs52 | Not in release | Not in release | Ignored | Ignored | Not in release |
mozjs68 | Not in release | Not in release | Ignored | Not in release | Not in release |
mozjs78 | Not in release | Ignored | Not in release | Not in release | Not in release |
mozjs91 | Not in release | Ignored | Not in release | Not in release | Not in release |
thunderbird | Fixed | Fixed | Fixed | Ignored | Ignored |
CVE-2020-0034
Low priorityIn vp8_decode_frame of decodeframe.c, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure if error correction were turned on, with no additional execution...
1 affected package
libvpx
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libvpx | — | Not affected | Not affected | Not affected | Fixed |
CVE-2019-9433
Low priorityIn libvpx, there is a possible information disclosure due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation....
1 affected package
libvpx
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libvpx | — | — | Not affected | Fixed | Fixed |
CVE-2019-9371
Low priorityIn libvpx, there is a possible resource exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product:...
1 affected package
libvpx
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libvpx | — | — | — | Fixed | Not affected |
CVE-2019-9325
Low priorityIn libvpx, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for...
1 affected package
libvpx
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libvpx | — | — | Not affected | Fixed | Fixed |
CVE-2019-9232
Low priorityIn libvpx, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation....
1 affected package
libvpx
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libvpx | — | — | Not affected | Fixed | Fixed |
CVE-2019-2126
Low prioritySome fixes available 2 of 39
In ParseContentEncodingEntry of mkvparser.cc, there is a possible double free due to a missing reset of a freed pointer. This could lead to remote code execution with no additional execution privileges needed. User interaction is...
7 affected packages
aom, chromium-browser, firefox, godot, libvpx...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
aom | Not affected | Needs evaluation | Needs evaluation | Not in release | Not in release |
chromium-browser | Not affected | Not affected | Not affected | Not affected | Not affected |
firefox | Not affected | Not affected | Not affected | Not affected | Not affected |
godot | Needs evaluation | Needs evaluation | Needs evaluation | Not in release | Not in release |
libvpx | Not affected | Not affected | Not affected | Fixed | Not affected |
qtwebengine-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Not in release |
thunderbird | Not affected | Not affected | Not affected | Not affected | Not affected |