CVE search results

1 – 10 of 17 results

Detailed view

Sort by:

CVE-2024-5197

Medium priority

Some fixes available 4 of 7

There exists interger overflows in libvpx in versions prior to 1.14.1. Calling vpx_img_alloc() with a large value of the d_w, d_h, or align parameter may result in integer overflows in the calculations of buffer sizes and offsets...

1 affected packages

libvpx

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
libvpx	Fixed	Fixed	Fixed	Needs evaluation	Needs evaluation

CVE-2023-6349

Medium priority

Some fixes available 6 of 7

A heap overflow vulnerability exists in libvpx - Encoding a frame that has larger dimensions than the originally configured size with VP9 may result in a heap overflow in libvpx. We recommend upgrading to version 1.13.1 or above

1 affected packages

libvpx

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
libvpx	Not affected	Fixed	Fixed	Fixed	Fixed

CVE-2023-44488

Medium priority

Some fixes available 8 of 22

VP9 in libvpx before 1.13.1 mishandles widths, leading to a crash related to encoding.

10 affected packages

chromium-browser, firefox, libvpx, mozjs102, mozjs38...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
chromium-browser	Not affected	Not affected	Not affected	Ignored	Ignored
firefox	Not affected	Not affected	Fixed	Ignored	Ignored
libvpx	Fixed	Fixed	Fixed	Fixed	Fixed
mozjs102	Ignored	Ignored	Not in release	Not in release	Not in release
mozjs38	Not in release	Not in release	Not in release	Ignored	Not in release
mozjs52	Not in release	Not in release	Ignored	Ignored	Not in release
mozjs68	Not in release	Not in release	Ignored	Not in release	Not in release
mozjs78	Not in release	Ignored	Not in release	Not in release	Not in release
mozjs91	Not in release	Ignored	Not in release	Not in release	Not in release
thunderbird	Not affected	Not affected	Not affected	Ignored	Ignored

CVE-2023-5217

High priority

Some fixes available 11 of 24

Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

10 affected packages

chromium-browser, firefox, libvpx, mozjs102, mozjs38...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
chromium-browser	Not affected	Not affected	Not affected	Ignored	Ignored
firefox	Not affected	Not affected	Fixed	Ignored	Ignored
libvpx	Not affected	Fixed	Fixed	Fixed	Fixed
mozjs102	Ignored	Ignored	Not in release	Not in release	Not in release
mozjs38	Not in release	Not in release	Not in release	Ignored	Not in release
mozjs52	Not in release	Not in release	Ignored	Ignored	Not in release
mozjs68	Not in release	Not in release	Ignored	Not in release	Not in release
mozjs78	Not in release	Ignored	Not in release	Not in release	Not in release
mozjs91	Not in release	Ignored	Not in release	Not in release	Not in release
thunderbird	Fixed	Fixed	Fixed	Ignored	Ignored

CVE-2020-0034

Low priority

Fixed

In vp8_decode_frame of decodeframe.c, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure if error correction were turned on, with no additional execution...

1 affected packages

libvpx

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
libvpx	—	Not affected	Not affected	Not affected	Fixed

CVE-2019-9433

Low priority

Fixed

In libvpx, there is a possible information disclosure due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation....

1 affected packages

libvpx

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
libvpx	—	—	Not affected	Fixed	Fixed

CVE-2019-9371

Low priority

Fixed

In libvpx, there is a possible resource exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product:...

1 affected packages

libvpx

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
libvpx	—	—	—	Fixed	Not affected

CVE-2019-9325

Low priority

Fixed

In libvpx, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for...

1 affected packages

libvpx

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
libvpx	—	—	Not affected	Fixed	Fixed

CVE-2019-9232

Low priority

Fixed

1 affected packages

libvpx

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
libvpx	—	—	Not affected	Fixed	Fixed

CVE-2019-2126

Low priority

Some fixes available 2 of 37

In ParseContentEncodingEntry of mkvparser.cc, there is a possible double free due to a missing reset of a freed pointer. This could lead to remote code execution with no additional execution privileges needed. User interaction is...

7 affected packages

aom, chromium-browser, firefox, godot, libvpx...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
aom	Not affected	Needs evaluation	Needs evaluation	Not in release	Not in release
chromium-browser	Not affected	Not affected	Not affected	Not affected	Not affected
firefox	Not affected	Not affected	Not affected	Not affected	Not affected
godot	Needs evaluation	Needs evaluation	Needs evaluation	Not in release	Not in release
libvpx	Not affected	Not affected	Not affected	Fixed	Not affected
qtwebengine-opensource-src	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Not in release
thunderbird	Not affected	Not affected	Not affected	Not affected	Not affected

Export to JSON

Results by page:

Search CVE reports