Lucene search

K
osvGoogleOSV:CVE-2023-6349
HistoryMay 27, 2024 - 12:15 p.m.

CVE-2023-6349

2024-05-2712:15:00
Google
osv.dev
8
libvpx
heap overflow
vp9
frame size
software upgrade

CVSS4

5.7

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

PASSIVE

CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:P/VC:L/SC:L/VI:H/SI:H/VA:N/SA:N/S:N/AU:N/R:A/V:D

AI Score

6.9

Confidence

Low

A heap overflow vulnerability exists in libvpx - Encoding a frame that has larger dimensions than the originally configured size with VP9 may result in a heap overflow in libvpx. We recommend upgrading to version 1.13.1 or above

CVSS4

5.7

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

PASSIVE

CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:P/VC:L/SC:L/VI:H/SI:H/VA:N/SA:N/S:N/AU:N/R:A/V:D

AI Score

6.9

Confidence

Low