Headline
RHSA-2023:5540: Red Hat Security Advisory: libvpx security update
An update for libvpx is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2023-5217: A heap-based buffer overflow flaw was found in the way libvpx, a library used to process VP8 and VP9 video codecs data, processes certain specially formatted video data via a crafted HTML page. This flaw allows an attacker to crash or remotely execute arbitrary code in an application, such as a web browser that is compiled with this library.
- CVE-2023-44488: A heap-based buffer overflow flaw was found in libvpx, a library used to process VP9 video codecs data. This issue occurs when processing certain specially formatted video data via a crafted HTML page, allowing an attacker to crash or remotely execute arbitrary code in an application, such as a web browser that is compiled with this library.
Synopsis
Important: libvpx security update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
View affected systems
Topic
An update for libvpx is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The libvpx packages provide the VP8 SDK, which allows the encoding and decoding of the VP8 video codec, commonly used with the WebM multimedia container file format.
Security Fix(es):
- libvpx: Heap buffer overflow in vp8 encoding in libvpx (CVE-2023-5217)
- libvpx: crash related to VP9 encoding in libvpx (CVE-2023-44488)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, all applications using libvpx must be restarted for the changes to take effect.
Affected Products
- Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.0 x86_64
- Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.0 s390x
- Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.0 ppc64le
- Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.0 aarch64
- Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0 ppc64le
- Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0 x86_64
- Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 9.0 x86_64
- Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 9.0 ppc64le
- Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 9.0 s390x
- Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 9.0 aarch64
- Red Hat Enterprise Linux Server for ARM 64 - 4 years of updates 9.0 aarch64
- Red Hat Enterprise Linux Server for IBM z Systems - 4 years of updates 9.0 s390x
Fixes
- BZ - 2241191 - CVE-2023-5217 libvpx: Heap buffer overflow in vp8 encoding in libvpx
- BZ - 2241806 - CVE-2023-44488 libvpx: crash related to VP9 encoding in libvpx
Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.0
SRPM
libvpx-1.9.0-7.el9_0.src.rpm
SHA-256: e870575dbf47b78cf4433eb3d2843fd667d94064de1fdf46243d36517469116c
x86_64
libvpx-1.9.0-7.el9_0.i686.rpm
SHA-256: 0724eb8d34fff76734a27f384be8a9f6bfde5c5dca9166532393d792e7bd69f8
libvpx-1.9.0-7.el9_0.x86_64.rpm
SHA-256: 4b8fcbb1199dda88c77b79e91c2cdf51674f13402374415833b6d842a842000a
libvpx-debuginfo-1.9.0-7.el9_0.i686.rpm
SHA-256: 812846a2ee88466bb9820886f83f70b0dce3bf73dafd6e39aee177981d688896
libvpx-debuginfo-1.9.0-7.el9_0.x86_64.rpm
SHA-256: 351dfdf648c197f67df9e8189abc046978a4e07018a82e3592630f9f2a76e98d
libvpx-debugsource-1.9.0-7.el9_0.i686.rpm
SHA-256: 469ce4c78f143b2554c62edf963d7f66abebd708eb1fda2efafeed0f9c14a5d5
libvpx-debugsource-1.9.0-7.el9_0.x86_64.rpm
SHA-256: fabb69d55f3db15afd86ec2aa68a5b6f291a2b2d91a7990fea121b1d61534287
libvpx-utils-debuginfo-1.9.0-7.el9_0.i686.rpm
SHA-256: 68452dfdad690b019ecdb983946c2c1b8c7f9c5d9369553b586d4db67c48e7c4
libvpx-utils-debuginfo-1.9.0-7.el9_0.x86_64.rpm
SHA-256: 4aea1f6b88e788220ae43c8283584a10a39166e358633cc5ff63bb19c1a2130a
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.0
SRPM
libvpx-1.9.0-7.el9_0.src.rpm
SHA-256: e870575dbf47b78cf4433eb3d2843fd667d94064de1fdf46243d36517469116c
s390x
libvpx-1.9.0-7.el9_0.s390x.rpm
SHA-256: 5acc1408e88016994b6f5b7c2c8f597c3da271925d15cb7c35adc84ff0e70ecc
libvpx-debuginfo-1.9.0-7.el9_0.s390x.rpm
SHA-256: aa7f95fbe633dd295823cf6a66b42a978b329db52ace972d0b0db52602246525
libvpx-debugsource-1.9.0-7.el9_0.s390x.rpm
SHA-256: 819365a9b23b38d99b276d6bd805c6560fffcf181a87c91e85fb87d20e814db1
libvpx-utils-debuginfo-1.9.0-7.el9_0.s390x.rpm
SHA-256: 9f8c672216218223397f860a227827f75341a962903236903c427087f51ad084
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.0
SRPM
libvpx-1.9.0-7.el9_0.src.rpm
SHA-256: e870575dbf47b78cf4433eb3d2843fd667d94064de1fdf46243d36517469116c
ppc64le
libvpx-1.9.0-7.el9_0.ppc64le.rpm
SHA-256: cf943f941865ad556f84e460ae3f72b15d0d954cb2d73c1c65e26cf3282a1dc6
libvpx-debuginfo-1.9.0-7.el9_0.ppc64le.rpm
SHA-256: e9c299c157b8ede73159014e1f26b8201b402a71e94f7f03d16bb5b42da7cb2e
libvpx-debugsource-1.9.0-7.el9_0.ppc64le.rpm
SHA-256: 62c3ff55bee579b4f94f6da0c6734013c8ce90635ade8abc718ccb9388770fe2
libvpx-utils-debuginfo-1.9.0-7.el9_0.ppc64le.rpm
SHA-256: cb620972dc92893440862904993fad00d86d00973865a6e7b8cf5cd97b56487a
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.0
SRPM
libvpx-1.9.0-7.el9_0.src.rpm
SHA-256: e870575dbf47b78cf4433eb3d2843fd667d94064de1fdf46243d36517469116c
aarch64
libvpx-1.9.0-7.el9_0.aarch64.rpm
SHA-256: dab55e7f477861ec21760b1f3ac368de9ec6112871eb8f197c5e74c31e6d9cc9
libvpx-debuginfo-1.9.0-7.el9_0.aarch64.rpm
SHA-256: 27b05c2d89a2ee802d036e9098baeb731f174e486c7ecf56a161b23af3231b75
libvpx-debugsource-1.9.0-7.el9_0.aarch64.rpm
SHA-256: c664443800e6fbe5b67a849442a83a880cdfe56891a06ee78a56ec1db7853ab5
libvpx-utils-debuginfo-1.9.0-7.el9_0.aarch64.rpm
SHA-256: b0f7ff723fc85c44978f94787d5ca1d241104698b6d6ba5de3c2b87aa36f20b6
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0
SRPM
libvpx-1.9.0-7.el9_0.src.rpm
SHA-256: e870575dbf47b78cf4433eb3d2843fd667d94064de1fdf46243d36517469116c
ppc64le
libvpx-1.9.0-7.el9_0.ppc64le.rpm
SHA-256: cf943f941865ad556f84e460ae3f72b15d0d954cb2d73c1c65e26cf3282a1dc6
libvpx-debuginfo-1.9.0-7.el9_0.ppc64le.rpm
SHA-256: e9c299c157b8ede73159014e1f26b8201b402a71e94f7f03d16bb5b42da7cb2e
libvpx-debugsource-1.9.0-7.el9_0.ppc64le.rpm
SHA-256: 62c3ff55bee579b4f94f6da0c6734013c8ce90635ade8abc718ccb9388770fe2
libvpx-utils-debuginfo-1.9.0-7.el9_0.ppc64le.rpm
SHA-256: cb620972dc92893440862904993fad00d86d00973865a6e7b8cf5cd97b56487a
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0
SRPM
libvpx-1.9.0-7.el9_0.src.rpm
SHA-256: e870575dbf47b78cf4433eb3d2843fd667d94064de1fdf46243d36517469116c
x86_64
libvpx-1.9.0-7.el9_0.i686.rpm
SHA-256: 0724eb8d34fff76734a27f384be8a9f6bfde5c5dca9166532393d792e7bd69f8
libvpx-1.9.0-7.el9_0.x86_64.rpm
SHA-256: 4b8fcbb1199dda88c77b79e91c2cdf51674f13402374415833b6d842a842000a
libvpx-debuginfo-1.9.0-7.el9_0.i686.rpm
SHA-256: 812846a2ee88466bb9820886f83f70b0dce3bf73dafd6e39aee177981d688896
libvpx-debuginfo-1.9.0-7.el9_0.x86_64.rpm
SHA-256: 351dfdf648c197f67df9e8189abc046978a4e07018a82e3592630f9f2a76e98d
libvpx-debugsource-1.9.0-7.el9_0.i686.rpm
SHA-256: 469ce4c78f143b2554c62edf963d7f66abebd708eb1fda2efafeed0f9c14a5d5
libvpx-debugsource-1.9.0-7.el9_0.x86_64.rpm
SHA-256: fabb69d55f3db15afd86ec2aa68a5b6f291a2b2d91a7990fea121b1d61534287
libvpx-utils-debuginfo-1.9.0-7.el9_0.i686.rpm
SHA-256: 68452dfdad690b019ecdb983946c2c1b8c7f9c5d9369553b586d4db67c48e7c4
libvpx-utils-debuginfo-1.9.0-7.el9_0.x86_64.rpm
SHA-256: 4aea1f6b88e788220ae43c8283584a10a39166e358633cc5ff63bb19c1a2130a
Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 9.0
SRPM
x86_64
libvpx-debuginfo-1.9.0-7.el9_0.i686.rpm
SHA-256: 812846a2ee88466bb9820886f83f70b0dce3bf73dafd6e39aee177981d688896
libvpx-debuginfo-1.9.0-7.el9_0.x86_64.rpm
SHA-256: 351dfdf648c197f67df9e8189abc046978a4e07018a82e3592630f9f2a76e98d
libvpx-debugsource-1.9.0-7.el9_0.i686.rpm
SHA-256: 469ce4c78f143b2554c62edf963d7f66abebd708eb1fda2efafeed0f9c14a5d5
libvpx-debugsource-1.9.0-7.el9_0.x86_64.rpm
SHA-256: fabb69d55f3db15afd86ec2aa68a5b6f291a2b2d91a7990fea121b1d61534287
libvpx-devel-1.9.0-7.el9_0.i686.rpm
SHA-256: bc34db349b9503beb15c9953ef5a60179879a18378018faeea21275ad86f1eb6
libvpx-devel-1.9.0-7.el9_0.x86_64.rpm
SHA-256: 742ee57b9020cd264cda65679e9f424f695b307b7d60a06eea24580fe9dd5d29
libvpx-utils-debuginfo-1.9.0-7.el9_0.i686.rpm
SHA-256: 68452dfdad690b019ecdb983946c2c1b8c7f9c5d9369553b586d4db67c48e7c4
libvpx-utils-debuginfo-1.9.0-7.el9_0.x86_64.rpm
SHA-256: 4aea1f6b88e788220ae43c8283584a10a39166e358633cc5ff63bb19c1a2130a
Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 9.0
SRPM
ppc64le
libvpx-debuginfo-1.9.0-7.el9_0.ppc64le.rpm
SHA-256: e9c299c157b8ede73159014e1f26b8201b402a71e94f7f03d16bb5b42da7cb2e
libvpx-debugsource-1.9.0-7.el9_0.ppc64le.rpm
SHA-256: 62c3ff55bee579b4f94f6da0c6734013c8ce90635ade8abc718ccb9388770fe2
libvpx-devel-1.9.0-7.el9_0.ppc64le.rpm
SHA-256: 008ceccd8284a7edb0806549ef96b7781fb337e20f86c5a7360e998aeef8f293
libvpx-utils-debuginfo-1.9.0-7.el9_0.ppc64le.rpm
SHA-256: cb620972dc92893440862904993fad00d86d00973865a6e7b8cf5cd97b56487a
Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 9.0
SRPM
s390x
libvpx-debuginfo-1.9.0-7.el9_0.s390x.rpm
SHA-256: aa7f95fbe633dd295823cf6a66b42a978b329db52ace972d0b0db52602246525
libvpx-debugsource-1.9.0-7.el9_0.s390x.rpm
SHA-256: 819365a9b23b38d99b276d6bd805c6560fffcf181a87c91e85fb87d20e814db1
libvpx-devel-1.9.0-7.el9_0.s390x.rpm
SHA-256: 0392e17c29072b106b135d19679d766b647f74ca9016e9790f111558f8f9306c
libvpx-utils-debuginfo-1.9.0-7.el9_0.s390x.rpm
SHA-256: 9f8c672216218223397f860a227827f75341a962903236903c427087f51ad084
Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 9.0
SRPM
aarch64
libvpx-debuginfo-1.9.0-7.el9_0.aarch64.rpm
SHA-256: 27b05c2d89a2ee802d036e9098baeb731f174e486c7ecf56a161b23af3231b75
libvpx-debugsource-1.9.0-7.el9_0.aarch64.rpm
SHA-256: c664443800e6fbe5b67a849442a83a880cdfe56891a06ee78a56ec1db7853ab5
libvpx-devel-1.9.0-7.el9_0.aarch64.rpm
SHA-256: 2389077a9c429876a0425b41b91e07466f2916ef7481babfc5b73f17e9d05b20
libvpx-utils-debuginfo-1.9.0-7.el9_0.aarch64.rpm
SHA-256: b0f7ff723fc85c44978f94787d5ca1d241104698b6d6ba5de3c2b87aa36f20b6
Red Hat Enterprise Linux Server for ARM 64 - 4 years of updates 9.0
SRPM
libvpx-1.9.0-7.el9_0.src.rpm
SHA-256: e870575dbf47b78cf4433eb3d2843fd667d94064de1fdf46243d36517469116c
aarch64
libvpx-1.9.0-7.el9_0.aarch64.rpm
SHA-256: dab55e7f477861ec21760b1f3ac368de9ec6112871eb8f197c5e74c31e6d9cc9
libvpx-debuginfo-1.9.0-7.el9_0.aarch64.rpm
SHA-256: 27b05c2d89a2ee802d036e9098baeb731f174e486c7ecf56a161b23af3231b75
libvpx-debugsource-1.9.0-7.el9_0.aarch64.rpm
SHA-256: c664443800e6fbe5b67a849442a83a880cdfe56891a06ee78a56ec1db7853ab5
libvpx-utils-debuginfo-1.9.0-7.el9_0.aarch64.rpm
SHA-256: b0f7ff723fc85c44978f94787d5ca1d241104698b6d6ba5de3c2b87aa36f20b6
Red Hat Enterprise Linux Server for IBM z Systems - 4 years of updates 9.0
SRPM
libvpx-1.9.0-7.el9_0.src.rpm
SHA-256: e870575dbf47b78cf4433eb3d2843fd667d94064de1fdf46243d36517469116c
s390x
libvpx-1.9.0-7.el9_0.s390x.rpm
SHA-256: 5acc1408e88016994b6f5b7c2c8f597c3da271925d15cb7c35adc84ff0e70ecc
libvpx-debuginfo-1.9.0-7.el9_0.s390x.rpm
SHA-256: aa7f95fbe633dd295823cf6a66b42a978b329db52ace972d0b0db52602246525
libvpx-debugsource-1.9.0-7.el9_0.s390x.rpm
SHA-256: 819365a9b23b38d99b276d6bd805c6560fffcf181a87c91e85fb87d20e814db1
libvpx-utils-debuginfo-1.9.0-7.el9_0.s390x.rpm
SHA-256: 9f8c672216218223397f860a227827f75341a962903236903c427087f51ad084
Related news
Gentoo Linux Security Advisory 202401-34 - Multiple vulnerabilities have been discovered in Chromium and its derivatives, the worst of which can lead to remote code execution. Versions greater than or equal to 120.0.6099.109 are affected.
Red Hat Security Advisory 2023-6199-01 - An update for firefox is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Issues addressed include a spoofing vulnerability.
Red Hat Security Advisory 2023-6198-01 - An update for thunderbird is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Issues addressed include a spoofing vulnerability.
Red Hat Security Advisory 2023-6197-01 - An update for thunderbird is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Issues addressed include a spoofing vulnerability.
Red Hat Security Advisory 2023-6195-01 - An update for thunderbird is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include a spoofing vulnerability.
Red Hat Security Advisory 2023-6194-01 - An update for thunderbird is now available for Red Hat Enterprise Linux 8. Issues addressed include a spoofing vulnerability.
Red Hat Security Advisory 2023-6191-01 - An update for thunderbird is now available for Red Hat Enterprise Linux 9. Issues addressed include a spoofing vulnerability.
Ubuntu Security Notice 6403-2 - USN-6403-1 fixed several vulnerabilities in libvpx. This update provides the corresponding update for Ubuntu 18.04 LTS. It was discovered that libvpx did not properly handle certain malformed media files. If an application using libvpx opened a specially crafted file, a remote attacker could cause a denial of service, or possibly execute arbitrary code.
Red Hat Security Advisory 2023-5538-01 - The libvpx packages provide the VP8 SDK, which allows the encoding and decoding of the VP8 video codec, commonly used with the WebM multimedia container file format. Issues addressed include a buffer overflow vulnerability.
Red Hat Security Advisory 2023-5539-01 - The libvpx packages provide the VP8 SDK, which allows the encoding and decoding of the VP8 video codec, commonly used with the WebM multimedia container file format. Issues addressed include a buffer overflow vulnerability.
Red Hat Security Advisory 2023-5534-01 - The libvpx packages provide the VP8 SDK, which allows the encoding and decoding of the VP8 video codec, commonly used with the WebM multimedia container file format. Issues addressed include a buffer overflow vulnerability.
Red Hat Security Advisory 2023-5537-01 - The libvpx packages provide the VP8 SDK, which allows the encoding and decoding of the VP8 video codec, commonly used with the WebM multimedia container file format. Issues addressed include a buffer overflow vulnerability.
Red Hat Security Advisory 2023-5540-01 - The libvpx packages provide the VP8 SDK, which allows the encoding and decoding of the VP8 video codec, commonly used with the WebM multimedia container file format. Issues addressed include a buffer overflow vulnerability.
An update for libvpx is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-5217: A heap-based buffer overflow flaw was found in the way libvpx, a library used to process VP8 and VP9 video codecs data, processes certain specially formatted video data via a crafted HTML page. This flaw allows an attacker to crash or remotely execute arbitrary code in an application, such as a web browser that is compile...
An update for libvpx is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-5217: A heap-based buffer overflow flaw was found in the way libvpx, a library used to process VP8 and VP9 video codecs data, processes certain specially formatted video data via a crafted HTML pag...
An update for libvpx is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-5217: A heap-based buffer overflow flaw was found in the way libvpx, a library used to process VP8 and VP9 video codecs data, processes certain specially formatted video data via a crafted HTML page. This flaw allows an attacker to crash or remotely execute arbitrary code in an application, such as a web browser that ...
An update for libvpx is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-5217: A heap-based buffer overflow flaw was found in the way libvpx, a library used to process VP8 and VP9 video codecs data, processes certain specially formatted video data via a crafted HTML page. This flaw allows an attacker to crash or remotely execute arbitrary code in an application, such as a web browser that is compiled with this library. * CVE...
An update for libvpx is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-5217: A heap-based buffer overflow flaw was found in the way libvpx, a library used to process VP8 and VP9 video codecs data, processes certain specially formatted video data via a...
Debian Linux Security Advisory 5518-1 - It was discovered that missing input sanitising in the encoding support in libvpx, a multimedia library for the VP8 and VP9 video codecs, may result in denial of service.
Red Hat Security Advisory 2023-5430-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.3.1. Issues addressed include buffer overflow, out of bounds write, and use-after-free vulnerabilities.
An update for firefox is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-3600: The Mozilla Foundation Security Advisory describes this flaw as: During the worker lifecycle, a use-after-free condition could have occured, which could have led to a potentially exploitable crash. * CVE-2023-5169: A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as: A compromised content process could hav...
Categories: Exploits and vulnerabilities Categories: News Tags: Apple Tags: iOS Tags: iPad Tags: 17.0.3 Tags: CVE-2023-42824 Tags: CVE-2023-5217 Apple has issued an emergency update to patch two vulnerabilities, including an actively exploited one. (Read more...) The post Update now! Apple patches vulnerabilities on iPhone and iPad appeared first on Malwarebytes Labs.
Gentoo Linux Security Advisory 202310-4 - Multiple vulnerabilities have been discovered in libvpx, the worst of which could result in arbitrary code execution. Versions greater than or equal to 1.13.1 are affected.
An update for thunderbird is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-3600: The Mozilla Foundation Security Advisory describes this flaw as: During the worker lifecycle, a use-after-free condition could have occured, which could have led to a po...
An update for thunderbird is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-3600: The Mozilla Foundation Security Advisory describes this flaw as: During the worker lifecycle, a use-after-free condition could have occured, which could have led to a potentially exploitable crash. * CVE-2023-5169: A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as: A comprom...
An update for firefox is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-3600: The Mozilla Foundation Security Advisory describes this flaw as: During the worker lifecycle, a use-after-free condition could have occured, which could have led to a potentially exploitable crash. * CVE-2023-5169: A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as: A compromised...
Ubuntu Security Notice 6405-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, cross-site tracing, or execute arbitrary code. Andrew McCreight discovered that Thunderbird did not properly manage during the worker lifecycle. An attacker could potentially exploit this issue to cause a denial of service.
Ubuntu Security Notice 6403-1 - It was discovered that libvpx did not properly handle certain malformed media files. If an application using libvpx opened a specially crafted file, a remote attacker could cause a denial of service, or possibly execute arbitrary code.
Debian Linux Security Advisory 5509-1 - A buffer overflow in VP8 media stream processing has been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code.
VP9 in libvpx before 1.13.1 mishandles widths, leading to a crash related to encoding.
Plus: Mozilla patches 10 Firefox bugs, Cisco fixes a vulnerability with a rare maximum severity score, and SAP releases updates to stamp out three highly critical flaws.
Google on Wednesday rolled out fixes to address a new actively exploited zero-day in the Chrome browser. Tracked as CVE-2023-5217, the high-severity vulnerability has been described as a heap-based buffer overflow in the VP8 compression format in libvpx, a free software video codec library from Google and the Alliance for Open Media (AOMedia). Exploitation of such buffer overflow flaws can