Search CVE reports



1 – 10 of 17 results


CVE-2024-5197

Medium priority

Some fixes available 4 of 7

There exist integer overflows in libvpx in versions prior to 1.14.1. Calling vpx_img_alloc() with a large value of the d_w, d_h, or align parameter may result in integer overflows in the calculations of buffer sizes and offsets...

1 affected package

libvpx

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| libvpx | Fixed | Fixed | Fixed | Needs evaluation | Needs evaluation |

CVE-2023-6349

Medium priority

Some fixes available 6 of 7

A heap overflow vulnerability exists in libvpx: encoding a frame that has larger dimensions than the originally configured size with VP9 may result in a heap overflow in libvpx. We recommend upgrading to version 1.13.1 or above.

1 affected package

libvpx

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| libvpx | Not affected | Fixed | Fixed | Fixed | Fixed |

CVE-2023-44488

Medium priority

Some fixes available 9 of 23

VP9 in libvpx before 1.13.1 mishandles widths, leading to a crash related to encoding.

10 affected packages

chromium-browser, firefox, libvpx, mozjs102, mozjs38...

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| chromium-browser | Not affected | Not affected | Not affected | Ignored | Ignored |
| firefox | Not affected | Not affected | Fixed | Ignored | Ignored |
| libvpx | Fixed | Fixed | Fixed | Fixed | Fixed |
| mozjs102 | Ignored | Ignored | Not in release | Not in release | Not in release |
| mozjs38 | Not in release | Not in release | Not in release | Ignored | Not in release |
| mozjs52 | Not in release | Not in release | Ignored | Ignored | Not in release |
| mozjs68 | Not in release | Not in release | Ignored | Not in release | Not in release |
| mozjs78 | Not in release | Ignored | Not in release | Not in release | Not in release |
| mozjs91 | Not in release | Ignored | Not in release | Not in release | Not in release |
| thunderbird | Not affected | Not affected | Not affected | Ignored | Ignored |

CVE-2023-5217

High priority

Some fixes available 12 of 25

Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

10 affected packages

chromium-browser, firefox, libvpx, mozjs102, mozjs38...

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| chromium-browser | Not affected | Not affected | Not affected | Ignored | Ignored |
| firefox | Not affected | Not affected | Fixed | Ignored | Ignored |
| libvpx | Not affected | Fixed | Fixed | Fixed | Fixed |
| mozjs102 | Ignored | Ignored | Not in release | Not in release | Not in release |
| mozjs38 | Not in release | Not in release | Not in release | Ignored | Not in release |
| mozjs52 | Not in release | Not in release | Ignored | Ignored | Not in release |
| mozjs68 | Not in release | Not in release | Ignored | Not in release | Not in release |
| mozjs78 | Not in release | Ignored | Not in release | Not in release | Not in release |
| mozjs91 | Not in release | Ignored | Not in release | Not in release | Not in release |
| thunderbird | Fixed | Fixed | Fixed | Ignored | Ignored |

CVE-2020-0034

Low priority
Fixed

In vp8_decode_frame of decodeframe.c, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure if error correction were turned on, with no additional execution...

1 affected package

libvpx

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libvpx Not affected Not affected Not affected Fixed

CVE-2019-9433

Low priority
Fixed

In libvpx, there is a possible information disclosure due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation....

1 affected package

libvpx

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libvpx Not affected Fixed Fixed

CVE-2019-9371

Low priority
Fixed

In libvpx, there is a possible resource exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product:...

1 affected package

libvpx

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libvpx Fixed Not affected

CVE-2019-9325

Low priority
Fixed

In libvpx, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for...

1 affected package

libvpx

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libvpx Not affected Fixed Fixed

CVE-2019-9232

Low priority
Fixed

In libvpx, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation....

1 affected package

libvpx

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libvpx Not affected Fixed Fixed

CVE-2019-2126

Low priority

Some fixes available 2 of 39

In ParseContentEncodingEntry of mkvparser.cc, there is a possible double free due to a missing reset of a freed pointer. This could lead to remote code execution with no additional execution privileges needed. User interaction is...

7 affected packages

aom, chromium-browser, firefox, godot, libvpx...

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| aom | Not affected | Needs evaluation | Needs evaluation | Not in release | Not in release |
| chromium-browser | Not affected | Not affected | Not affected | Not affected | Not affected |
| firefox | Not affected | Not affected | Not affected | Not affected | Not affected |
| godot | Needs evaluation | Needs evaluation | Needs evaluation | Not in release | Not in release |
| libvpx | Not affected | Not affected | Not affected | Fixed | Not affected |
| qtwebengine-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Not in release |
| thunderbird | Not affected | Not affected | Not affected | Not affected | Not affected |