Lucene search
AlmaLinuxALSA-2024:5941HistoryAug 28, 2024 - 12:00 a.m.
Moderate: libvpx security update
2024-08-2800:00:00
errata.almalinux.org
5
libvpx
security update
vp8 sdk
webm
heap buffer overflow
vp9 encoding
integer overflow
CVSS4
5.9
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
PASSIVE
CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:P/VC:L/SC:L/VI:H/SI:L/VA:N/SA:N
AI Score
7.3
Confidence
High
The libvpx packages provide the VP8 SDK, which allows the encoding and decoding of the VP8 video codec, commonly used with the WebM multimedia container file format.
Security Fix(es):
- libvpx: Heap buffer overflow related to VP9 encoding (CVE-2023-6349)
- libvpx: Integer overflow in vpx_img_alloc() (CVE-2024-5197)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| almalinux | 8 | i686 | libvpx-devel | < 1.7.0-11.el8_10 | libvpx-devel-1.7.0-11.el8_10.i686.rpm |
| almalinux | 8 | i686 | libvpx | < 1.7.0-11.el8_10 | libvpx-1.7.0-11.el8_10.i686.rpm |
| almalinux | 8 | x86_64 | libvpx-devel | < 1.7.0-11.el8_10 | libvpx-devel-1.7.0-11.el8_10.x86_64.rpm |
| almalinux | 8 | aarch64 | libvpx-devel | < 1.7.0-11.el8_10 | libvpx-devel-1.7.0-11.el8_10.aarch64.rpm |
| almalinux | 8 | x86_64 | libvpx | < 1.7.0-11.el8_10 | libvpx-1.7.0-11.el8_10.x86_64.rpm |
| almalinux | 8 | aarch64 | libvpx | < 1.7.0-11.el8_10 | libvpx-1.7.0-11.el8_10.aarch64.rpm |
| almalinux | 8 | ppc64le | libvpx | < 1.7.0-11.el8_10 | libvpx-1.7.0-11.el8_10.ppc64le.rpm |
| almalinux | 8 | ppc64le | libvpx-devel | < 1.7.0-11.el8_10 | libvpx-devel-1.7.0-11.el8_10.ppc64le.rpm |
| almalinux | 8 | s390x | libvpx-devel | < 1.7.0-11.el8_10 | libvpx-devel-1.7.0-11.el8_10.s390x.rpm |
| almalinux | 8 | s390x | libvpx | < 1.7.0-11.el8_10 | libvpx-1.7.0-11.el8_10.s390x.rpm |
Related
nessus
nessus
SUSE SLED15 / SLES15 Security Update : libvpx (SUSE-SU-2024:2408-1)
2024-07-12 00:00:00
AlmaLinux 8 : libvpx (ALSA-2024:5941)
2024-08-29 00:00:00
Oracle Linux 8 : libvpx (ELSA-2024-5941)
2024-08-29 00:00:00
redhat
redhat
(RHSA-2024:5941) Moderate: libvpx security update
2024-08-28 15:26:38
osv
osv
Moderate: libvpx security update
2024-08-28 00:00:00
CVE-2023-6349
2024-05-27 12:15:00
libvpx - security update
2024-06-16 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2024:2408-1)
2024-07-12 00:00:00
SUSE: Security Advisory (SUSE-SU-2024:2409-1)
2024-07-12 00:00:00
Fedora: Security Advisory for obs-cef (FEDORA-2024-47dbf2a4de)
2024-08-06 00:00:00
oraclelinux
oraclelinux
libvpx security update
2024-08-28 00:00:00
redos
redos
ROS-20240718-04
2024-07-18 00:00:00
debiancve
debiancve
CVE-2023-6349
2024-05-27 12:15:08
CVE-2024-5197
2024-06-03 14:15:09
nvd
nvd
CVE-2023-6349
2024-05-27 12:15:08
CVE-2024-5197
2024-06-03 14:15:09
vulnrichment
vulnrichment
CVE-2023-6349 Heap overflow in libvpx
2024-05-27 11:26:58
CVE-2024-5197 Integer overflow in libvpx
2024-06-03 13:30:26
fedora
fedora
cve
cve
CVE-2023-6349
2024-05-27 12:15:08
CVE-2024-5197
2024-06-03 14:15:09
redhatcve
redhatcve
CVE-2023-6349
2024-05-27 22:01:51
CVE-2024-5197
2024-06-12 00:48:15
amazon
amazon
Medium: thunderbird
2024-08-01 03:01:00
alpinelinux
alpinelinux
CVE-2024-5197
2024-06-03 14:15:09
cvelist
cvelist
CVE-2024-5197 Integer overflow in libvpx
2024-06-03 13:30:26
CVE-2023-6349 Heap overflow in libvpx
2024-05-27 11:26:58
ubuntu
ubuntu
libvpx vulnerability
2024-06-06 00:00:00
cloudfoundry
cloudfoundry
USN-6814-1: libvpx vulnerability | Cloud Foundry
2024-07-25 00:00:00
veracode
veracode
Integer Overflow
2024-06-06 07:31:15
mageia
mageia
Updated libvpx packages fix security vulnerabilities
2024-06-14 20:30:25
ubuntucve
ubuntucve
CVSS4
5.9
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
PASSIVE
CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:P/VC:L/SC:L/VI:H/SI:L/VA:N/SA:N
AI Score
7.3
Confidence
High
Related for ALSA-2024:5941