Headline
Debian Security Advisory 5722-1
Debian Linux Security Advisory 5722-1 - It was discovered that multiple integer overflows in libvpx, a multimedia library for the VP8 and VP9 video codecs, may result in denial of service and potentially the execution of arbitrary code.
-----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5722-1 [email protected]://www.debian.org/security/ Moritz MuehlenhoffJune 26, 2024 https://www.debian.org/security/faq- -------------------------------------------------------------------------Package : libvpxCVE ID : CVE-2024-5197It was discovered that multiple integer overflows in libvpx, amultimedia library for the VP8 and VP9 video codecs, may result indenial of service and potentially the execution of arbitrary code. For the oldstable distribution (bullseye), this problem has been fixedin version 1.9.0-1+deb11u3.For the stable distribution (bookworm), this problem has been fixed inversion 1.12.0-1+deb12u3.We recommend that you upgrade your libvpx packages.For the detailed security status of libvpx please refer toits security tracker page at:https://security-tracker.debian.org/tracker/libvpxFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: [email protected] PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmZ8XGEACgkQEMKTtsN8TjbR3xAAjCKV4coiR5I7kJJmjWma8XZvNs2U6UIr1TMuovp88eglwhfc/ppxfi+i3K4+80Wznd+OqOwPvhOKDkSwR1H+Q1d7l3vRJnHvLOMVzjr8uziabk/P2GdszBWByxFZ9K0iVJZyR0DDhn3gThBuSaPk8Y/9O0vP3ZWl/5cp66b3jdyOl/INVmwfylC8tg2cFIeZJrGTbTI9avbhHvMaxbqvyLIaXM/hvewbN6I0yGhk3y2kasbkyEkDclcgQHzfQc20kPwgcWvJXD5ZD4MEHvXKvjhEfI7SRipgk2wFpxdrxRr/deA9+ZEvW5mnMl0FkuAbOZp0MeqSu1/rWfqdAPy1q0nKJQgnTJ9uLskaYrL+ou/eNvhERD6Vdn5tNpa2pJlNlXkrmxmlUoLPmkgp9mO4EZ0xqaFqarj2KeYipUZMLdU1+19VsWkp+YdmqmrQ1PSIbJ+M+sGCyrStR5V6MSe+FaIW1M+XmGvST98TrHj8MZvjBiqXjjGthhDmXHUhHfY4uM7ivurEjVcPiCJuD+YF7OfuFIxWP7Qoi50JJXeRpo1CYj4CaKwqXpbUQzocfXfiVm9v0I8xeJXhfTxV6K1lowYKTAcJ5u+rfUYYV/Q5nX1D5FqWFPjvNxtgGNF51gBbivEQNja1z7LFVSQs7QtiP6+gXuMFfrBMrhgA/ikO3Mk==AYgJ-----END PGP SIGNATURE-----Related news
Ubuntu Security Notice USN-6814-1
Ubuntu Security Notice 6814-1 - Xiantong Hou discovered that libvpx did not properly handle certain malformed media files. If an application using libvpx opened a specially crafted file, a remote attacker could cause a denial of service, or possibly execute arbitrary code.