Lucene search
Cloud FoundryCFOUNDRY:B26BE80AE504D506A8A06C0E3EF4D098HistoryOct 05, 2023 - 12:00 a.m.
USN-6403-1: libvpx vulnerabilities | Cloud Foundry
2023-10-0500:00:00
Cloud Foundry
www.cloudfoundry.org
42
libvpx
canonical ubuntu
vulnerability
cloud foundry
denial of service
arbitrary code
update
cflinuxfs4
cf deployment
mitigation
cve-2023-44488
cve-2023-5217
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
0.245 Low
EPSS
Percentile
96.7%
Severity
Medium
Vendor
Canonical Ubuntu
Versions Affected
- Canonical Ubuntu 22.04
Description
It was discovered that libvpx did not properly handle certain malformed media files. If an application using libvpx opened a specially crafted file, a remote attacker could cause a denial of service, or possibly execute arbitrary code. Update Instructions: Run sudo pro fix USN-6403-1 to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libvpx-dev β 1.8.2-1ubuntu0.2 libvpx6 β 1.8.2-1ubuntu0.2 vpx-tools β 1.8.2-1ubuntu0.2 libvpx-doc β 1.8.2-1ubuntu0.2 No subscription required
CVEs contained in this USN include: CVE-2023-44488, CVE-2023-5217.
Affected Cloud Foundry Products and Versions
Severity is medium unless otherwise noted.
- cflinuxfs4
- All versions prior to 1.39.0
- CF Deployment
- All versions prior to 32.12.0
Mitigation
Users of affected products are strongly encouraged to follow the mitigations below.
The Cloud Foundry project recommends upgrading the following releases:
- cflinuxfs4
- Upgrade all versions to 1.39.0 or greater
- CF Deployment
- Upgrade all versions to 32.12.0 or greater
References
History
2023-10-05: Initial vulnerability report published.
Affected configurations
Node
cloud_foundrydiegoRange<1.39.0
ORcloud_foundrycf-networkingRange<32.12.0
| CPE | Name | Operator | Version |
|---|---|---|---|
| cflinuxfs4 | lt | 1.39.0 | |
| cf deployment | lt | 32.12.0 |
Related
redhat
redhat
(RHSA-2023:5534) Important: libvpx security update
2023-10-09 09:49:38
(RHSA-2023:5537) Important: libvpx security update
2023-10-09 09:52:40
(RHSA-2023:5535) Important: libvpx security update
2023-10-09 09:50:48
ubuntu
ubuntu
libvpx vulnerabilities
2023-11-01 00:00:00
libvpx vulnerabilities
2023-10-02 00:00:00
libvpx vulnerabilities
2023-10-23 00:00:00
osv
osv
libvpx vulnerabilities
2023-10-23 15:46:57
libvpx vulnerabilities
2023-11-01 09:29:41
libvpx - security update
2023-10-01 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-6403-1)
2023-10-03 00:00:00
Ubuntu: Security Advisory (USN-6403-2)
2023-10-24 00:00:00
Fedora: Security Advisory for libvpx (FEDORA-2023-f696934fbf)
2023-10-24 00:00:00
nessus
nessus
GLSA-202310-04 : libvpx: Multiple Vulnerabilities
2023-10-04 00:00:00
RHEL 9 : libvpx (RHSA-2023:5539)
2023-10-09 00:00:00
Debian DLA-3598-1 : libvpx - LTS security update
2023-10-02 00:00:00
gentoo
gentoo
libvpx: Multiple Vulnerabilities
2023-10-04 00:00:00
fedora
fedora
[SECURITY] Fedora 37 Update: libvpx-1.12.0-4.fc37
2023-10-23 01:25:02
[SECURITY] Fedora 38 Update: libvpx-1.13.0-5.fc38
2023-10-01 04:55:42
[SECURITY] Fedora 39 Update: libvpx-1.13.0-5.fc39
2023-10-02 00:16:31
oraclelinux
oraclelinux
libvpx security update
2023-10-10 00:00:00
libvpx security update
2023-10-11 00:00:00
almalinux
almalinux
Important: libvpx security update
2023-10-09 00:00:00
Important: libvpx security update
2023-10-09 00:00:00
debian
debian
[SECURITY] [DLA 3598-1] libvpx security update
2023-10-01 20:17:06
[SECURITY] [DSA 5518-1] libvpx security update
2023-10-05 19:18:38
[SECURITY] [DSA 5510-1] libvpx security update
2023-09-29 21:10:17
cve
cve
CVE-2023-44488
2023-09-30 20:15:10
CVE-2023-5217
2023-09-28 16:15:10
ubuntucve
ubuntucve
prion
prion
Design/Logic Flaw
2023-09-30 20:15:00
Heap overflow
2023-09-28 16:15:00
amazon
amazon
Medium: thunderbird
2023-10-12 15:09:00
nvd
nvd
CVE-2023-44488
2023-09-30 20:15:10
CVE-2023-5217
2023-09-28 16:15:10
redhatcve
redhatcve
CVE-2023-44488
2023-10-02 20:25:34
CVE-2023-5217
2023-09-28 14:24:48
cvelist
cvelist
CVE-2023-44488
2023-09-30 00:00:00
CVE-2023-5217
2023-09-28 15:23:18
debiancve
debiancve
CVE-2023-44488
2023-09-30 20:15:10
CVE-2023-5217
2023-09-28 16:15:10
alpinelinux
alpinelinux
CVE-2023-44488
2023-09-30 20:15:10
CVE-2023-5217
2023-09-28 16:15:10
cbl_mariner
cbl_mariner
CVE-2023-44488 affecting package libvpx for versions less than 1.13.1-1
2023-11-08 04:19:08
redos
redos
ROS-20231016-02
2023-10-16 00:00:00
ROS-20231016-04
2023-10-16 00:00:00
mageia
mageia
Updated libvpx packages fix a security vulnerability
2023-12-04 11:28:24
Updated libvpx packages fix security vulnerability
2023-10-02 13:18:07
Updated Firefox and Thunderbird packages fix security vulnerabilities
2023-10-10 20:21:41
veracode
veracode
Buffer Overflow
2023-10-10 06:26:44
Heap Buffer Overflow
2023-10-02 19:10:55
mozilla
mozilla
kaspersky
kaspersky
KLA60820 DoS vulnerability in Mozilla Firefox
2023-09-28 00:00:00
KLA60821 DoS vulnerability in Mozilla Firefox ESR
2023-09-28 00:00:00
KLA61042 DoS vulnerability in Mozilla Thunderbird
2023-09-28 00:00:00
malwarebytes
malwarebytes
Update Chrome now! Google patches another actively exploited vulnerability
2023-09-29 11:15:00
Update now! Apple patches vulnerabilities on iPhone and iPad
2023-10-05 05:00:00
slackware
slackware
[slackware-security] mozilla-thunderbird
2023-09-30 21:42:55
[slackware-security] mozilla-firefox
2023-09-28 21:46:24
[slackware-security] libvpx
2023-09-30 21:42:24
githubexploit
githubexploit
Exploit for Out-of-bounds Write in Webmproject Libvpx
2023-10-06 10:43:38
Exploit for Out-of-bounds Write in Webmproject Libvpx
2023-10-06 05:46:16
Exploit for Out-of-bounds Write in Webmproject Libvpx
2023-10-06 11:01:08
github
github
Electron affected by libvpx's heap buffer overflow in vp8 encoding
2023-09-28 18:30:45
CefSharp affected by libvpx's heap buffer overflow in vp8 encoding
2023-10-05 13:22:50
CefSharp affected by heap buffer overflow in WebP
2023-09-21 17:11:42
mscve
mscve
Chromium: CVE-2023-5217 Heap buffer overflow in vp8 encoding in libvpx
2023-09-29 16:24:54
cisa_kev
cisa_kev
Google Chromium libvpx Heap Buffer Overflow Vulnerability
2023-10-02 00:00:00
f5
f5
K000137105 : libvpx vulnerability CVE-2023-5217
2023-10-03 00:00:00
freebsd
freebsd
electron{22,24,25} -- Heap buffer overflow in vp8 encoding in libvpx
2023-09-28 00:00:00
chromium -- multiple vulnerabilities
2023-09-27 00:00:00
attackerkb
attackerkb
CVE-2023-5217
2023-09-28 00:00:00
citrix
citrix
apple
apple
About the security content of iOS 17.0.3 and iPadOS 17.0.3
2023-10-04 00:00:00
About the security content of iOS 16.7.1 and iPadOS 16.7.1
2023-10-10 00:00:00
wizblog
wizblog
msrc
msrc
chrome
chrome
Stable Channel Update for Desktop
2023-09-27 00:00:00
hivepro
hivepro
Google and Firefox fixes Zero-Day Flaw Exploited in the Wild
2023-10-02 06:29:28
rosalinux
rosalinux
Advisory ROSA-SA-2024-2357
2024-02-20 10:26:09
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
0.245 Low
EPSS
Percentile
96.7%
Related for CFOUNDRY:B26BE80AE504D506A8A06C0E3EF4D098