Lucene search

K
ubuntuUbuntuUSN-6403-2
HistoryOct 23, 2023 - 12:00 a.m.

libvpx vulnerabilities

2023-10-2300:00:00
ubuntu.com
25
ubuntu esm
libvpx
vp8
vp9
video codec
vulnerabilities
denial of service
arbitrary code
media files

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

9.3

Confidence

High

EPSS

0.248

Percentile

96.7%

Releases

  • Ubuntu 18.04 ESM

Packages

  • libvpx - VP8 and VP9 video codec

Details

USN-6403-1 fixed several vulnerabilities in libvpx. This update provides
the corresponding update for Ubuntu 18.04 LTS.

Original advisory details:

It was discovered that libvpx did not properly handle certain malformed
media files. If an application using libvpx opened a specially crafted
file, a remote attacker could cause a denial of service, or possibly
execute arbitrary code.

OSVersionArchitecturePackageVersionFilename
Ubuntu18.04noarchlibvpx5< 1.7.0-3ubuntu0.18.04.1+esm1UNKNOWN
Ubuntu18.04noarchlibvpx-dev< 1.7.0-3ubuntu0.18.04.1UNKNOWN
Ubuntu18.04noarchlibvpx-doc< 1.7.0-3ubuntu0.18.04.1UNKNOWN
Ubuntu18.04noarchlibvpx5< 1.7.0-3ubuntu0.18.04.1UNKNOWN
Ubuntu18.04noarchlibvpx5-dbgsym< 1.7.0-3ubuntu0.18.04.1UNKNOWN
Ubuntu18.04noarchvpx-tools< 1.7.0-3ubuntu0.18.04.1UNKNOWN
Ubuntu18.04noarchvpx-tools-dbgsym< 1.7.0-3ubuntu0.18.04.1UNKNOWN

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

9.3

Confidence

High

EPSS

0.248

Percentile

96.7%