CVEInsight.

Free vulnerability intelligence for developers, security teams, and researchers. Data sourced from public databases for informational purposes only.

Explore

Legal

CVE data sourced from NVD / NIST & public disclosures.

webmproject

libvpx

4 known vulnerabilities · sorted by CVSS score

CVE-2024-5197

CRITICAL9.1

There exists interger overflows in libvpx in versions prior to 1.14.1. Calling vpx_img_alloc() with a large value of the d_w, d_h, or align parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned vpx_image_t struct may be invalid. Calling vpx_img_wrap() with a large value of the d_w, d_h, or stride_align parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned vpx_image_t struct may be invalid. We recommend upgrading to version 1.14.1 or beyond

webmproject / libvpx+1

Network

Published Jun 3, 2024

CVE-2023-5217

HIGH8.8

Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

webmproject / libvpx+20

Network

Published Sep 28, 2023

CVE-2023-44488

HIGH7.5

VP9 in libvpx before 1.13.1 mishandles widths, leading to a crash related to encoding.

webmproject / libvpx+6

Network

Published Sep 30, 2023

CVE-2023-6349

HIGH7.5

A heap overflow vulnerability exists in libvpx - Encoding a frame that has larger dimensions than the originally configured size with VP9 may result in a heap overflow in libvpx. We recommend upgrading to version 1.13.1 or above

webmproject / libvpx

Network

Published May 27, 2024