RHSA-2023:5540: Red Hat Security Advisory: libvpx security update

An update for libvpx is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2023-5217: A heap-based buffer overflow flaw was found in the way libvpx, a library used to process VP8 and VP9 video codecs data, processes certain specially formatted video data via a crafted HTML page. This flaw allows an attacker to crash or remotely execute arbitrary code in an application, such as a web browser that is compiled with this library.
  • CVE-2023-44488: A heap-based buffer overflow flaw was found in libvpx, a library used to process VP9 video codecs data. This issue occurs when processing certain specially formatted video data via a crafted HTML page, allowing an attacker to crash or remotely execute arbitrary code in an application, such as a web browser that is compiled with this library.
Red Hat Security Data

Synopsis

Important: libvpx security update

Type/Severity

Security Advisory: Important

Topic

An update for libvpx is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The libvpx packages provide the VP8 SDK, which allows the encoding and decoding of the VP8 video codec, commonly used with the WebM multimedia container file format.

Security Fix(es):

  • libvpx: Heap buffer overflow in vp8 encoding in libvpx (CVE-2023-5217)
  • libvpx: crash related to VP9 encoding in libvpx (CVE-2023-44488)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, all applications using libvpx must be restarted for the changes to take effect.
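
The restart requirement above can be checked on a host after the update. The following is an added example, not part of the Red Hat advisory: it lists processes that still map a libvpx shared object that has been replaced on disk, which the kernel marks as "(deleted)" in /proc/PID/maps. The function name stale_libvpx_pids and its optional proc-root argument are assumptions of this example.

```shell
#!/bin/sh
# Added example: find processes still running a pre-update libvpx.
# When a package update replaces a shared library, processes that loaded the
# old file keep it mapped, and /proc/PID/maps shows the path with a
# " (deleted)" suffix until the process is restarted.

# stale_libvpx_pids [PROC_ROOT]
# Prints one line per affected process: "PID COMM MAPPED_PATH".
# PROC_ROOT defaults to /proc; a different root can be passed for testing.
stale_libvpx_pids() {
    proc_root=${1:-/proc}
    for maps in "$proc_root"/[0-9]*/maps; do
        # Skip processes we may not inspect (run as root for full coverage).
        [ -r "$maps" ] || continue
        # Extract the path of any libvpx mapping flagged as deleted.
        path=$(sed -n 's|.* \(/[^ ]*/libvpx\.so[^ ]*\) (deleted)$|\1|p' \
                   "$maps" 2>/dev/null | sort -u | head -n 1)
        [ -n "$path" ] || continue
        dir=${maps%/maps}
        comm=$(cat "$dir/comm" 2>/dev/null) || comm='?'
        printf '%s %s %s\n' "${dir##*/}" "$comm" "$path"
    done
}

# Scan the live system (or the proc root given as the first argument).
stale_libvpx_pids "${1:-/proc}"
```

An empty result means no running process maps a replaced libvpx file. Applications that link libvpx statically or ship their own bundled copy are not visible to this check and need their own update.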

Affected Products

  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.0 x86_64
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.0 s390x
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.0 ppc64le
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.0 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0 x86_64
  • Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 9.0 x86_64
  • Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 9.0 ppc64le
  • Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 9.0 s390x
  • Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 9.0 aarch64
  • Red Hat Enterprise Linux Server for ARM 64 - 4 years of updates 9.0 aarch64
  • Red Hat Enterprise Linux Server for IBM z Systems - 4 years of updates 9.0 s390x

Fixes

  • BZ - 2241191 - CVE-2023-5217 libvpx: Heap buffer overflow in vp8 encoding in libvpx
  • BZ - 2241806 - CVE-2023-44488 libvpx: crash related to VP9 encoding in libvpx

Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.0

SRPM

  • libvpx-1.9.0-7.el9_0.src.rpm

x86_64

  • libvpx-1.9.0-7.el9_0.i686.rpm
  • libvpx-1.9.0-7.el9_0.x86_64.rpm
  • libvpx-debuginfo-1.9.0-7.el9_0.i686.rpm
  • libvpx-debuginfo-1.9.0-7.el9_0.x86_64.rpm
  • libvpx-debugsource-1.9.0-7.el9_0.i686.rpm
  • libvpx-debugsource-1.9.0-7.el9_0.x86_64.rpm
  • libvpx-utils-debuginfo-1.9.0-7.el9_0.i686.rpm
  • libvpx-utils-debuginfo-1.9.0-7.el9_0.x86_64.rpm

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.0

SRPM

  • libvpx-1.9.0-7.el9_0.src.rpm

s390x

  • libvpx-1.9.0-7.el9_0.s390x.rpm
  • libvpx-debuginfo-1.9.0-7.el9_0.s390x.rpm
  • libvpx-debugsource-1.9.0-7.el9_0.s390x.rpm
  • libvpx-utils-debuginfo-1.9.0-7.el9_0.s390x.rpm

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.0

SRPM

  • libvpx-1.9.0-7.el9_0.src.rpm

ppc64le

  • libvpx-1.9.0-7.el9_0.ppc64le.rpm
  • libvpx-debuginfo-1.9.0-7.el9_0.ppc64le.rpm
  • libvpx-debugsource-1.9.0-7.el9_0.ppc64le.rpm
  • libvpx-utils-debuginfo-1.9.0-7.el9_0.ppc64le.rpm

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.0

SRPM

  • libvpx-1.9.0-7.el9_0.src.rpm

aarch64

  • libvpx-1.9.0-7.el9_0.aarch64.rpm
  • libvpx-debuginfo-1.9.0-7.el9_0.aarch64.rpm
  • libvpx-debugsource-1.9.0-7.el9_0.aarch64.rpm
  • libvpx-utils-debuginfo-1.9.0-7.el9_0.aarch64.rpm

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0

SRPM

  • libvpx-1.9.0-7.el9_0.src.rpm

ppc64le

  • libvpx-1.9.0-7.el9_0.ppc64le.rpm
  • libvpx-debuginfo-1.9.0-7.el9_0.ppc64le.rpm
  • libvpx-debugsource-1.9.0-7.el9_0.ppc64le.rpm
  • libvpx-utils-debuginfo-1.9.0-7.el9_0.ppc64le.rpm

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0

SRPM

  • libvpx-1.9.0-7.el9_0.src.rpm

x86_64

  • libvpx-1.9.0-7.el9_0.i686.rpm
  • libvpx-1.9.0-7.el9_0.x86_64.rpm
  • libvpx-debuginfo-1.9.0-7.el9_0.i686.rpm
  • libvpx-debuginfo-1.9.0-7.el9_0.x86_64.rpm
  • libvpx-debugsource-1.9.0-7.el9_0.i686.rpm
  • libvpx-debugsource-1.9.0-7.el9_0.x86_64.rpm
  • libvpx-utils-debuginfo-1.9.0-7.el9_0.i686.rpm
  • libvpx-utils-debuginfo-1.9.0-7.el9_0.x86_64.rpm

Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 9.0

x86_64

  • libvpx-debuginfo-1.9.0-7.el9_0.i686.rpm
  • libvpx-debuginfo-1.9.0-7.el9_0.x86_64.rpm
  • libvpx-debugsource-1.9.0-7.el9_0.i686.rpm
  • libvpx-debugsource-1.9.0-7.el9_0.x86_64.rpm
  • libvpx-devel-1.9.0-7.el9_0.i686.rpm
  • libvpx-devel-1.9.0-7.el9_0.x86_64.rpm
  • libvpx-utils-debuginfo-1.9.0-7.el9_0.i686.rpm
  • libvpx-utils-debuginfo-1.9.0-7.el9_0.x86_64.rpm

Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 9.0

ppc64le

  • libvpx-debuginfo-1.9.0-7.el9_0.ppc64le.rpm
  • libvpx-debugsource-1.9.0-7.el9_0.ppc64le.rpm
  • libvpx-devel-1.9.0-7.el9_0.ppc64le.rpm
  • libvpx-utils-debuginfo-1.9.0-7.el9_0.ppc64le.rpm

Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 9.0

s390x

  • libvpx-debuginfo-1.9.0-7.el9_0.s390x.rpm
  • libvpx-debugsource-1.9.0-7.el9_0.s390x.rpm
  • libvpx-devel-1.9.0-7.el9_0.s390x.rpm
  • libvpx-utils-debuginfo-1.9.0-7.el9_0.s390x.rpm

Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 9.0

aarch64

  • libvpx-debuginfo-1.9.0-7.el9_0.aarch64.rpm
  • libvpx-debugsource-1.9.0-7.el9_0.aarch64.rpm
  • libvpx-devel-1.9.0-7.el9_0.aarch64.rpm
  • libvpx-utils-debuginfo-1.9.0-7.el9_0.aarch64.rpm

Red Hat Enterprise Linux Server for ARM 64 - 4 years of updates 9.0

SRPM

  • libvpx-1.9.0-7.el9_0.src.rpm

aarch64

  • libvpx-1.9.0-7.el9_0.aarch64.rpm
  • libvpx-debuginfo-1.9.0-7.el9_0.aarch64.rpm
  • libvpx-debugsource-1.9.0-7.el9_0.aarch64.rpm
  • libvpx-utils-debuginfo-1.9.0-7.el9_0.aarch64.rpm

Red Hat Enterprise Linux Server for IBM z Systems - 4 years of updates 9.0

SRPM

  • libvpx-1.9.0-7.el9_0.src.rpm

s390x

  • libvpx-1.9.0-7.el9_0.s390x.rpm
  • libvpx-debuginfo-1.9.0-7.el9_0.s390x.rpm
  • libvpx-debugsource-1.9.0-7.el9_0.s390x.rpm
  • libvpx-utils-debuginfo-1.9.0-7.el9_0.s390x.rpm

Related news

Gentoo Linux Security Advisory 202401-34

Gentoo Linux Security Advisory 202401-34 - Multiple vulnerabilities have been discovered in Chromium and its derivatives, the worst of which can lead to remote code execution. Versions greater than or equal to 120.0.6099.109 are affected.

Red Hat Security Advisory 2023-6199-01

Red Hat Security Advisory 2023-6199-01 - An update for firefox is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Issues addressed include a spoofing vulnerability.

Red Hat Security Advisory 2023-6198-01

Red Hat Security Advisory 2023-6198-01 - An update for thunderbird is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Issues addressed include a spoofing vulnerability.

Red Hat Security Advisory 2023-6197-01

Red Hat Security Advisory 2023-6197-01 - An update for thunderbird is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Issues addressed include a spoofing vulnerability.

Red Hat Security Advisory 2023-6195-01

Red Hat Security Advisory 2023-6195-01 - An update for thunderbird is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include a spoofing vulnerability.

Red Hat Security Advisory 2023-6194-01

Red Hat Security Advisory 2023-6194-01 - An update for thunderbird is now available for Red Hat Enterprise Linux 8. Issues addressed include a spoofing vulnerability.

Red Hat Security Advisory 2023-6191-01

Red Hat Security Advisory 2023-6191-01 - An update for thunderbird is now available for Red Hat Enterprise Linux 9. Issues addressed include a spoofing vulnerability.

Ubuntu Security Notice USN-6403-2

Ubuntu Security Notice 6403-2 - USN-6403-1 fixed several vulnerabilities in libvpx. This update provides the corresponding update for Ubuntu 18.04 LTS. It was discovered that libvpx did not properly handle certain malformed media files. If an application using libvpx opened a specially crafted file, a remote attacker could cause a denial of service, or possibly execute arbitrary code.

Red Hat Security Advisory 2023-5538-01

Red Hat Security Advisory 2023-5538-01 - The libvpx packages provide the VP8 SDK, which allows the encoding and decoding of the VP8 video codec, commonly used with the WebM multimedia container file format. Issues addressed include a buffer overflow vulnerability.

Red Hat Security Advisory 2023-5539-01

Red Hat Security Advisory 2023-5539-01 - The libvpx packages provide the VP8 SDK, which allows the encoding and decoding of the VP8 video codec, commonly used with the WebM multimedia container file format. Issues addressed include a buffer overflow vulnerability.

Red Hat Security Advisory 2023-5534-01

Red Hat Security Advisory 2023-5534-01 - The libvpx packages provide the VP8 SDK, which allows the encoding and decoding of the VP8 video codec, commonly used with the WebM multimedia container file format. Issues addressed include a buffer overflow vulnerability.

Red Hat Security Advisory 2023-5537-01

Red Hat Security Advisory 2023-5537-01 - The libvpx packages provide the VP8 SDK, which allows the encoding and decoding of the VP8 video codec, commonly used with the WebM multimedia container file format. Issues addressed include a buffer overflow vulnerability.

Red Hat Security Advisory 2023-5540-01

Red Hat Security Advisory 2023-5540-01 - The libvpx packages provide the VP8 SDK, which allows the encoding and decoding of the VP8 video codec, commonly used with the WebM multimedia container file format. Issues addressed include a buffer overflow vulnerability.

RHSA-2023:5538: Red Hat Security Advisory: libvpx security update

An update for libvpx is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-5217: A heap-based buffer overflow flaw was found in the way libvpx, a library used to process VP8 and VP9 video codecs data, processes certain specially formatted video data via a crafted HTML page. This flaw allows an attacker to crash or remotely execute arbitrary code in an application, such as a web browser that is compile...

RHSA-2023:5534: Red Hat Security Advisory: libvpx security update

An update for libvpx is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-5217: A heap-based buffer overflow flaw was found in the way libvpx, a library used to process VP8 and VP9 video codecs data, processes certain specially formatted video data via a crafted HTML pag...

RHSA-2023:5535: Red Hat Security Advisory: libvpx security update

An update for libvpx is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-5217: A heap-based buffer overflow flaw was found in the way libvpx, a library used to process VP8 and VP9 video codecs data, processes certain specially formatted video data via a crafted HTML page. This flaw allows an attacker to crash or remotely execute arbitrary code in an application, such as a web browser that ...

RHSA-2023:5537: Red Hat Security Advisory: libvpx security update

An update for libvpx is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-5217: A heap-based buffer overflow flaw was found in the way libvpx, a library used to process VP8 and VP9 video codecs data, processes certain specially formatted video data via a crafted HTML page. This flaw allows an attacker to crash or remotely execute arbitrary code in an application, such as a web browser that is compiled with this library. * CVE...

RHSA-2023:5536: Red Hat Security Advisory: libvpx security update

An update for libvpx is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-5217: A heap-based buffer overflow flaw was found in the way libvpx, a library used to process VP8 and VP9 video codecs data, processes certain specially formatted video data via a...

Debian Security Advisory 5518-1

Debian Linux Security Advisory 5518-1 - It was discovered that missing input sanitising in the encoding support in libvpx, a multimedia library for the VP8 and VP9 video codecs, may result in denial of service.

Red Hat Security Advisory 2023-5430-01

Red Hat Security Advisory 2023-5430-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.3.1. Issues addressed include buffer overflow, out of bounds write, and use-after-free vulnerabilities.

RHSA-2023:5477: Red Hat Security Advisory: firefox security update

An update for firefox is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-3600: The Mozilla Foundation Security Advisory describes this flaw as: During the worker lifecycle, a use-after-free condition could have occurred, which could have led to a potentially exploitable crash. * CVE-2023-5169: A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as: A compromised content process could hav...

Update now! Apple patches vulnerabilities on iPhone and iPad

Apple has issued an emergency update to patch two vulnerabilities, including an actively exploited one. The post appeared first on Malwarebytes Labs.

Gentoo Linux Security Advisory 202310-04

Gentoo Linux Security Advisory 202310-4 - Multiple vulnerabilities have been discovered in libvpx, the worst of which could result in arbitrary code execution. Versions greater than or equal to 1.13.1 are affected.

RHSA-2023:5429: Red Hat Security Advisory: thunderbird security update

An update for thunderbird is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-3600: The Mozilla Foundation Security Advisory describes this flaw as: During the worker lifecycle, a use-after-free condition could have occurred, which could have led to a po...

RHSA-2023:5439: Red Hat Security Advisory: thunderbird security update

An update for thunderbird is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-3600: The Mozilla Foundation Security Advisory describes this flaw as: During the worker lifecycle, a use-after-free condition could have occurred, which could have led to a potentially exploitable crash. * CVE-2023-5169: A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as: A comprom...

RHSA-2023:5427: Red Hat Security Advisory: firefox security update

An update for firefox is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-3600: The Mozilla Foundation Security Advisory describes this flaw as: During the worker lifecycle, a use-after-free condition could have occurred, which could have led to a potentially exploitable crash. * CVE-2023-5169: A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as: A compromised...

Ubuntu Security Notice USN-6405-1

Ubuntu Security Notice 6405-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, cross-site tracing, or execute arbitrary code. Andrew McCreight discovered that Thunderbird did not properly manage during the worker lifecycle. An attacker could potentially exploit this issue to cause a denial of service.

Ubuntu Security Notice USN-6403-1

Ubuntu Security Notice 6403-1 - It was discovered that libvpx did not properly handle certain malformed media files. If an application using libvpx opened a specially crafted file, a remote attacker could cause a denial of service, or possibly execute arbitrary code.

Debian Security Advisory 5509-1

Debian Linux Security Advisory 5509-1 - A buffer overflow in VP8 media stream processing has been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code.

CVE-2023-44488: Comparing v1.13.0...v1.13.1 · webmproject/libvpx

VP9 in libvpx before 1.13.1 mishandles widths, leading to a crash related to encoding.

Apple, Microsoft, and Google Just Fixed Multiple Zero-Day Flaws

Plus: Mozilla patches 10 Firefox bugs, Cisco fixes a vulnerability with a rare maximum severity score, and SAP releases updates to stamp out three highly critical flaws.

Update Chrome Now: Google Releases Patch for Actively Exploited Zero-Day Vulnerability

Google on Wednesday rolled out fixes to address a new actively exploited zero-day in the Chrome browser. Tracked as CVE-2023-5217, the high-severity vulnerability has been described as a heap-based buffer overflow in the VP8 compression format in libvpx, a free software video codec library from Google and the Alliance for Open Media (AOMedia). Exploitation of such buffer overflow flaws can