Lucene search

Basic search
Lucene search
Search by product

Database

Vendors

Gentoo FoundationMGASA-2023-0280

HistoryOct 02, 2023 - 1:18 p.m.

Updated libvpx packages fix security vulnerability

Vulners
Mageia
Updated libvpx packages fix security vulnerability

2023-10-0213:18:07

Gentoo Foundation

advisories.mageia.org

libvpx

packages

heap buffer overflow

vulnerability

encoding

html page

exploit

unix

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.245 Low

EPSS

Percentile

96.7%

JSON

Heap buffer overflow in vp8 encoding in libvpx allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

OSVersionArchitecturePackageVersionFilename
Mageia8noarchlibvpx< 1.9.0-1.1libvpx-1.9.0-1.1.mga8
Mageia9noarchlibvpx< 1.12.0-1.1libvpx-1.12.0-1.1.mga9

OS	Version	Architecture	Package	Version	Filename
Mageia	8	noarch	libvpx	< 1.9.0-1.1	libvpx-1.9.0-1.1.mga8
Mageia	9	noarch	libvpx	< 1.12.0-1.1	libvpx-1.12.0-1.1.mga9

References

bugs.mageia.org/show_bug.cgi?id=32342

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5217

www.openwall.com/lists/oss-security/2023/09/28/5

osv 17

fedora 6

prion 1

nessus 68

github 3

openvas 35

kaspersky 7

veracode 1

githubexploit 3

cve 1

mozilla 1

malwarebytes 2

ubuntucve 1

slackware 3

debian 6

redhatcve 1

mscve 1

cisa_kev 1

f5 1

cvelist 1

nvd 1

freebsd 2

debiancve 1

alpinelinux 1

attackerkb 1

redos 1

cloudfoundry 1

oraclelinux 4

apple 2

gentoo 1

almalinux 3

redhat 10

citrix 1

ubuntu 3

wizblog 1

msrc 1

chrome 1

hivepro 1

mageia 1

rosalinux 1

thn 1

osv

firefox-esr - security update

2023-09-29 00:00:00

firefox-esr - security update

2023-09-30 00:00:00

CVE-2023-5217

2023-09-28 16:15:10

fedora

[SECURITY] Fedora 38 Update: libvpx-1.13.0-5.fc38

2023-10-01 04:55:42

[SECURITY] Fedora 39 Update: libvpx-1.13.0-5.fc39

2023-10-02 00:16:31

[SECURITY] Fedora 37 Update: libvpx-1.12.0-4.fc37

2023-10-23 01:25:02

prion

Heap overflow

2023-09-28 16:15:00

nessus

Debian DSA-5510-1 : libvpx - security update

2023-09-30 00:00:00

Debian DSA-5509-1 : firefox-esr - security update

2023-09-30 00:00:00

Fedora 39 : thunderbird (2023-1afa208698)

2023-11-07 00:00:00

github

Electron affected by libvpx's heap buffer overflow in vp8 encoding

2023-09-28 18:30:45

CefSharp affected by libvpx's heap buffer overflow in vp8 encoding

2023-10-05 13:22:50

CefSharp affected by heap buffer overflow in WebP

2023-09-21 17:11:42

openvas

Debian: Security Advisory (DSA-5509-1)

2023-10-02 00:00:00

openSUSE: Security Advisory for libvpx (SUSE-SU-2023:3948-1)

2024-03-04 00:00:00

SUSE: Security Advisory (SUSE-SU-2023:3950-1)

2023-10-04 00:00:00

kaspersky

KLA60821 DoS vulnerability in Mozilla Firefox ESR

2023-09-28 00:00:00

KLA60820 DoS vulnerability in Mozilla Firefox

2023-09-28 00:00:00

KLA61042 DoS vulnerability in Mozilla Thunderbird

2023-09-28 00:00:00

veracode

Heap Buffer Overflow

2023-10-02 19:10:55

githubexploit

Exploit for Out-of-bounds Write in Webmproject Libvpx

2023-10-06 10:43:38

Exploit for Out-of-bounds Write in Webmproject Libvpx

2023-10-06 05:46:16

Exploit for Out-of-bounds Write in Webmproject Libvpx

2023-10-06 11:01:08

cve

CVE-2023-5217

2023-09-28 16:15:10

mozilla

Security Vulnerability fixed in Firefox 118.0.1, Firefox ESR 115.3.1, Firefox for Android 118.1.0, Firefox Focus for Android 118.1.0, and Thunderbird 115.3.1. — Mozilla

2023-09-28 00:00:00

malwarebytes

Update Chrome now! Google patches another actively exploited vulnerability

2023-09-29 11:15:00

Update now! Apple patches vulnerabilities on iPhone and iPad

2023-10-05 05:00:00

ubuntucve

CVE-2023-5217

2023-09-29 00:00:00

slackware

[slackware-security] mozilla-thunderbird

2023-09-30 21:42:55

[slackware-security] mozilla-firefox

2023-09-28 21:46:24

[slackware-security] libvpx

2023-09-30 21:42:24

debian

[SECURITY] [DSA 5510-1] libvpx security update

2023-09-29 21:10:17

[SECURITY] [DLA 3591-1] firefox-esr security update

2023-09-30 10:16:57

[SECURITY] [DSA 5509-1] firefox-esr security update

2023-09-29 17:55:10

redhatcve

CVE-2023-5217

2023-09-28 14:24:48

mscve

Chromium: CVE-2023-5217 Heap buffer overflow in vp8 encoding in libvpx

2023-09-29 16:24:54

cisa_kev

Google Chromium libvpx Heap Buffer Overflow Vulnerability

2023-10-02 00:00:00

K000137105 : libvpx vulnerability CVE-2023-5217

2023-10-03 00:00:00

cvelist

CVE-2023-5217

2023-09-28 15:23:18

nvd

CVE-2023-5217

2023-09-28 16:15:10

freebsd

electron{22,24,25} -- Heap buffer overflow in vp8 encoding in libvpx

2023-09-28 00:00:00

chromium -- multiple vulnerabilities

2023-09-27 00:00:00

debiancve

CVE-2023-5217

2023-09-28 16:15:10

alpinelinux

CVE-2023-5217

2023-09-28 16:15:10

attackerkb

CVE-2023-5217

2023-09-28 00:00:00

redos

ROS-20231016-04

2023-10-16 00:00:00

cloudfoundry

USN-6403-1: libvpx vulnerabilities | Cloud Foundry

2023-10-05 00:00:00

oraclelinux

libvpx security update

2023-10-10 00:00:00

libvpx security update

2023-10-11 00:00:00

thunderbird security update

2023-10-13 00:00:00

apple

About the security content of iOS 17.0.3 and iPadOS 17.0.3

2023-10-04 00:00:00

About the security content of iOS 16.7.1 and iPadOS 16.7.1

2023-10-10 00:00:00

gentoo

libvpx: Multiple Vulnerabilities

2023-10-04 00:00:00

almalinux

Important: libvpx security update

2023-10-09 00:00:00

Important: libvpx security update

2023-10-09 00:00:00

Important: firefox security update

2023-10-04 00:00:00

redhat

(RHSA-2023:5535) Important: libvpx security update

2023-10-09 09:50:48

(RHSA-2023:5540) Important: libvpx security update

2023-10-09 09:57:50

(RHSA-2023:5539) Important: libvpx security update

2023-10-09 09:56:54

citrix

Impact of Chromium vulnerabilities CVE-2023-4863 and CVE-2023-5217 on Cloud Software Group products

2023-10-06 20:18:12

ubuntu

libvpx vulnerabilities

2023-11-01 00:00:00

libvpx vulnerabilities

2023-10-02 00:00:00

libvpx vulnerabilities

2023-10-23 00:00:00

wizblog

Critical vulnerabilities in media libraries exploited in the wild: everything you need to know

2023-10-01 13:31:06

msrc

Microsoft’s Response to Open-Source Vulnerabilities - CVE-2023-4863 and CVE-2023-5217

2023-10-02 07:00:00

chrome

Stable Channel Update for Desktop

2023-09-27 00:00:00

hivepro

Google and Firefox fixes Zero-Day Flaw Exploited in the Wild

2023-10-02 06:29:28

mageia

Updated Firefox and Thunderbird packages fix security vulnerabilities

2023-10-10 20:21:41

rosalinux

Advisory ROSA-SA-2024-2357

2024-02-20 10:26:09

thn

Apple Rolls Out Security Patches for Actively Exploited iOS Zero-Day Flaw

2023-10-05 03:42:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.245 Low

EPSS

Percentile

96.7%

JSON

Related for MGASA-2023-0280