6 matches found
CVE-2023-5217
CVE-2023-5217 is a heap buffer overflow in VP8 encoding in libvpx (affecting Google Chrome before 117.0.5938.132 and libvpx 1.13.1). A crafted HTML page could remotely trigger heap corruption. Multiple connected sources confirm the vulnerability in libvpx/WebP contexts; Apple’s advisory notes CVE...
CVE-2023-44488
CVE-2023-44488 affects VP9 in libvpx prior to 1.13.1, where widths are mishandled during encoding, causing a crash. The CVE is documented across multiple sources including the libvpx 1.13.1 release and related advisories (e.g., ALAS2-2025-2960, CBLMariner). The issue is tied to libvpx’s handling ...
CVE-2024-5197
Summary: Multiple connected advisories confirm CVE-2024-5197 affects libvpx with integer overflows in vpx_img_alloc() and vpx_img_wrap(), leading to overflowed buffer calculations and potentially invalid fields in vpx_image_t for versions prior to 1.14.1. The issue is described across Amazon Linu...
CVE-2023-6349
CVE-2023-6349 (libvpx) describes a heap overflow when VP9 encodes frames wider than the configured size. Connected advisories/plugins confirm libvpx is affected in multiple Linux distributions (e.g., Amazon Linux 2/3, MiracleLinux, TencentOS Server) and commonly reference upgrading to libvpx 1.13...
CVE-2010-4203
CVE-2010-4203 affects WebM libvpx (VP8 Codec SDK) before 0.9.5 used in Google Chrome prior to 7.0.517.44. An input frame with invalid data can trigger memory corruption, leading to a crash or potential code execution. Multiple advisories (RHSA-2010:0999, ELSA-2010-0999, OpenVAS entries) document ...
CVE-2012-0823
CVE-2012-0823 affects the VP8 Codec SDK (libvpx) prior to 1.0.0 (code-named “Duclair”). The issue arises from the clamping of motion vectors in SPLITMV blocks, enabling an out-of-bounds read when decoding from a P-frame or from unspecified corrupt input, which can cause an application crash (DoS)...