Lucene search

K
mageiaGentoo FoundationMGASA-2023-0280
HistoryOct 02, 2023 - 1:18 p.m.

Updated libvpx packages fix security vulnerability

2023-10-0213:18:07
Gentoo Foundation
advisories.mageia.org
35
libvpx
packages
heap buffer overflow
vulnerability
encoding
html page
exploit
unix

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.248

Percentile

96.7%

Heap buffer overflow in vp8 encoding in libvpx allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

OSVersionArchitecturePackageVersionFilename
Mageia8noarchlibvpx<Β 1.9.0-1.1libvpx-1.9.0-1.1.mga8
Mageia9noarchlibvpx<Β 1.12.0-1.1libvpx-1.12.0-1.1.mga9

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.248

Percentile

96.7%