5.9 Medium
CVSS4
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
PASSIVE
CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:P/VC:L/SC:L/VI:H/SI:L/VA:N/SA:N
6.6 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
9.0%
A flaw was found in libvpx. When creating images, libvpx trusts the width, height, and alignment of the user input. However, it does not properly validate the provided values. This flaw allows an attacker to craft user inputs or trick the user into opening crafted files, where these types of values are invalid, leading to integer overflows during memory allocation procedures. A successful full attack leads to the targeted application crashing, resulting in a denial of service or memory corruption, which results in data integrity issues.