Lucene search

K
ubuntuUbuntuUSN-6403-1
HistoryOct 02, 2023 - 12:00 a.m.

libvpx vulnerabilities

2023-10-0200:00:00
ubuntu.com
27
ubuntu
libvpx
vp8
vp9
denial of service
arbitrary code
media files
security vulnerability

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

9.2

Confidence

High

EPSS

0.248

Percentile

96.7%

Releases

  • Ubuntu 23.04
  • Ubuntu 22.04 LTS
  • Ubuntu 20.04 LTS

Packages

  • libvpx - VP8 and VP9 video codec

Details

It was discovered that libvpx did not properly handle certain malformed
media files. If an application using libvpx opened a specially crafted
file, a remote attacker could cause a denial of service, or possibly
execute arbitrary code.

OSVersionArchitecturePackageVersionFilename
Ubuntu23.04noarchlibvpx7< 1.12.0-1ubuntu1.2UNKNOWN
Ubuntu23.04noarchlibvpx-dev< 1.12.0-1ubuntu1.2UNKNOWN
Ubuntu23.04noarchlibvpx-doc< 1.12.0-1ubuntu1.2UNKNOWN
Ubuntu23.04noarchlibvpx7-dbgsym< 1.12.0-1ubuntu1.2UNKNOWN
Ubuntu23.04noarchvpx-tools< 1.12.0-1ubuntu1.2UNKNOWN
Ubuntu23.04noarchvpx-tools-dbgsym< 1.12.0-1ubuntu1.2UNKNOWN
Ubuntu22.04noarchlibvpx7< 1.11.0-2ubuntu2.2UNKNOWN
Ubuntu22.04noarchlibvpx-dev< 1.11.0-2ubuntu2.2UNKNOWN
Ubuntu22.04noarchlibvpx-doc< 1.11.0-2ubuntu2.2UNKNOWN
Ubuntu22.04noarchlibvpx7-dbgsym< 1.11.0-2ubuntu2.2UNKNOWN
Rows per page:
1-10 of 181

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

9.2

Confidence

High

EPSS

0.248

Percentile

96.7%