CVE-2023-44488: Comparing v1.13.0...v1.13.1 · webmproject/libvpx

Ubuntu Security Notice 6403-3 - USN-6403-1 fixed several vulnerabilities in libvpx. This update provides the corresponding update for Ubuntu 16.04 LTS. It was discovered that libvpx did not properly handle certain malformed media files. If an application using libvpx opened a specially crafted file, a remote attacker could cause a denial of service, or possibly execute arbitrary code.

Red Hat Security Advisory 2023-6199-01 - An update for firefox is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Issues addressed include a spoofing vulnerability.

Red Hat Security Advisory 2023-6196-01 - An update for thunderbird is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include a spoofing vulnerability.

Red Hat Security Advisory 2023-6192-01 - An update for thunderbird is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.

Red Hat Security Advisory 2023-6190-01 - An update for firefox is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions.

Red Hat Security Advisory 2023-5538-01 - The libvpx packages provide the VP8 SDK, which allows the encoding and decoding of the VP8 video codec, commonly used with the WebM multimedia container file format. Issues addressed include a buffer overflow vulnerability.

Red Hat Security Advisory 2023-5539-01 - The libvpx packages provide the VP8 SDK, which allows the encoding and decoding of the VP8 video codec, commonly used with the WebM multimedia container file format. Issues addressed include a buffer overflow vulnerability.

Red Hat Security Advisory 2023-5534-01 - The libvpx packages provide the VP8 SDK, which allows the encoding and decoding of the VP8 video codec, commonly used with the WebM multimedia container file format. Issues addressed include a buffer overflow vulnerability.

Red Hat Security Advisory 2023-5537-01 - The libvpx packages provide the VP8 SDK, which allows the encoding and decoding of the VP8 video codec, commonly used with the WebM multimedia container file format. Issues addressed include a buffer overflow vulnerability.

Red Hat Security Advisory 2023-5540-01 - The libvpx packages provide the VP8 SDK, which allows the encoding and decoding of the VP8 video codec, commonly used with the WebM multimedia container file format. Issues addressed include a buffer overflow vulnerability.

An update for libvpx is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-5217: A heap-based buffer overflow flaw was found in the way libvpx, a library used to process VP8 and VP9 video codecs data, processes certain specially formatted video data via a crafted HTML page. This flaw allows an attacker to crash or remotely execute arbitrary code in an application, such as a web browser that is compile...

An update for libvpx is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-5217: A heap-based buffer overflow flaw was found in the way libvpx, a library used to process VP8 and VP9 video codecs data, processes certain specially formatted video data via a crafted HTML pag...

An update for libvpx is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-5217: A heap-based buffer overflow flaw was found in the way libvpx, a library used to process VP8 and VP9 video codecs data, processes certain specially formatted video data via a crafted HTML page. This flaw allows an attacker to crash or remotely execute arbitrary code in an application, such as a web browser that ...

An update for libvpx is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-5217: A heap-based buffer overflow flaw was found in the way libvpx, a library used to process VP8 and VP9 video codecs data, processes certain specially formatted video data via a crafted HTML page. This flaw allows an attacker to crash or remotely execute arbitrary code in an application, such as a web browser that is compiled with this library. * CVE...

An update for libvpx is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-5217: A heap-based buffer overflow flaw was found in the way libvpx, a library used to process VP8 and VP9 video codecs data, processes certain specially formatted video data via a...

An update for libvpx is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-5217: A heap-based buffer overflow flaw was found in the way libvpx, a library used to process VP8 and VP9 video codecs data, processes certain specially formatted video data via a crafted HTML page. This flaw allows an attacker to crash or remotely execute arbitrary code in an application, such as a web browser that is compile...

Debian Linux Security Advisory 5518-1 - It was discovered that missing input sanitising in the encoding support in libvpx, a multimedia library for the VP8 and VP9 video codecs, may result in denial of service.

Gentoo Linux Security Advisory 202310-4 - Multiple vulnerabilities have been discovered in libvpx, the worst of which could result in arbitrary code execution. Versions greater than or equal to 1.13.1 are affected.

Ubuntu Security Notice 6403-1 - It was discovered that libvpx did not properly handle certain malformed media files. If an application using libvpx opened a specially crafted file, a remote attacker could cause a denial of service, or possibly execute arbitrary code.