23 matches found
JLSEC-2026-376
A heap overflow vulnerability exists in libvpx - Encoding a frame that has larger dimensions than the originally configured size with VP9 may result in a heap overflow in libvpx. We recommend upgrading to version 1.13.1 or above...
RHSA-2026:5228 Red Hat Security Advisory: libvpx security update
Bulletin has no description...
RLSA-2026:4447 Important: libvpx security update
The libvpx packages provide the VP8 SDK, which allows the encoding and decoding of the VP8 video codec, commonly used with the WebM multimedia container file format. Security Fixes: libvpx: Heap buffer overflow in libvpx CVE-2026-2447 For more details about the security issues, including the...
Security update for MozillaThunderbird
This update for MozillaThunderbird fixes the following issues: Update to Thunderbird 140.7.2 CVE-2026-2447: Fixed a heap buffer overflow in libvpx. bsc1258231 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...
ALSA-2026:3361 Important: firefox security update
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: libvpx: Heap buffer overflow in libvpx CVE-2026-2447 firefox: Invalid pointer in the JavaScript Engine component CVE-2026-2785 firefox: Memory safety bugs fixed in Firef...
Debian dla-4489 : libvpx-dev - security update
The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4489 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4489-1 [email protected] https://www.debian.org/lts/security/...
Debian dsa-6143 : libvpx-dev - security update
The remote Debian 12 / 13 host has packages installed that are affected by a vulnerability as referenced in the dsa-6143 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6143-1 [email protected] https://www.debian.org/security/...
Security Vulnerabilities fixed in Thunderbird 147.0.2 and 140.7.2 — Mozilla
In general, these flaws cannot be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but are potentially risks in browser or browser-like contexts. CVE-2026-2447: Heap buffer overflow in libvpx Reporter jayjayjazz Impact high References Bug 2014390...
OPENSUSE-SU-2026:20183-1 Security update for chromium
This update for chromium fixes the following issues: Changes in chromium: - Chromium 144.0.7559.132 boo1257650 CVE-2026-1861: Heap buffer overflow in libvpx in Google Chrome prior to 144.0.7559.132 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
libvpx: Double-free in libvpx encoder
A flaw was found in libvpx. A double-free issue can occur in vpxcodecencinitmulti after a failed allocation when initializing the encoder for WebRTC. This can cause memory corruption and an exploitable crash...
libvpx: crash related to VP9 encoding in libvpx
A heap-based buffer overflow flaw was found in libvpx, a library used to process VP9 video codecs data. This issue occurs when processing certain specially formatted video data via a crafted HTML page, allowing an attacker to crash or remotely execute arbitrary code in an application, such as a w...
libvpx: crash related to VP9 encoding in libvpx
A heap-based buffer overflow flaw was found in libvpx, a library used to process VP9 video codecs data. This issue occurs when processing certain specially formatted video data via a crafted HTML page, allowing an attacker to crash or remotely execute arbitrary code in an application, such as a w...
libvpx: Heap buffer overflow in vp8 encoding in libvpx
A heap-based buffer overflow flaw was found in the way libvpx, a library used to process VP8 and VP9 video codecs data, processes certain specially formatted video data via a crafted HTML page. This flaw allows an attacker to crash or remotely execute arbitrary code in an application, such as a w...
libvpx: Heap buffer overflow in vp8 encoding in libvpx
A heap-based buffer overflow flaw was found in the way libvpx, a library used to process VP8 and VP9 video codecs data, processes certain specially formatted video data via a crafted HTML page. This flaw allows an attacker to crash or remotely execute arbitrary code in an application, such as a w...
libvpx: Heap buffer overflow in vp8 encoding in libvpx
A heap-based buffer overflow flaw was found in the way libvpx, a library used to process VP8 and VP9 video codecs data, processes certain specially formatted video data via a crafted HTML page. This flaw allows an attacker to crash or remotely execute arbitrary code in an application, such as a w...
VP9 in libvpx before 1.13.1 mishandles widths leading to a crash related to encoding.
...
CVE-2023-5217
A heap-based buffer overflow flaw was found in the way libvpx, a library used to process VP8 and VP9 video codecs data, processes certain specially formatted video data via a crafted HTML page. This flaw allows an attacker to crash or remotely execute arbitrary code in an application, such as a w...
UBUNTU-CVE-2016-6711
A remote denial of service vulnerability in libvpx in Mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-11-01 could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the...
UBUNTU-CVE-2016-6712
A remote denial of service vulnerability in libvpx in Mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-11-01 could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the...
UBUNTU-CVE-2015-4486
The decreaserefcount function in libvpx in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to execute arbitrary code or cause a denial of service out-of-bounds read via malformed WebM video data...