cvelist | Google | CVELIST:CVE-2023-6349
History: May 27, 2024 - 11:26 a.m.

CVE-2023-6349 Heap overflow in libvpx

2024-05-27 11:26:58
CWE-122
Google
www.cve.org
cve-2023-6349
heap overflow
libvpx
vp9
upgrade

CVSS4: 5.7 Medium
Attack Vector: LOCAL
Attack Complexity: HIGH
Privileges Required: LOW
User Interaction: PASSIVE
Vector: CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:P/VC:L/SC:L/VI:H/SI:H/VA:N/SA:N/S:N/AU:N/R:A/V:D

EPSS: 0.0004 Low
Percentile: 9.1%

A heap overflow vulnerability exists in libvpx: encoding a frame that has larger dimensions than the originally configured size with VP9 may result in a heap overflow in libvpx.
We recommend upgrading to version 1.13.1 or above.

CNA Affected

[
  {
    "collectionURL": "https://chromium.googlesource.com/",
    "defaultStatus": "unaffected",
    "packageName": "libvpx",
    "product": "libvpx",
    "repo": "https://chromium.googlesource.com/webm/libvpx",
    "vendor": "Chromium",
    "versions": [
      {
        "lessThan": "1.13.1",
        "status": "affected",
        "version": "1.5.0",
        "versionType": "semver"
      }
    ]
  }
]
