CVSS4
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
PASSIVE
CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:P/VC:L/SC:L/VI:H/SI:L/VA:N/SA:N
AI Score
Confidence
High
EPSS
Percentile
9.0%
libvpx.so is vulnerable to Integer Overflow. The vulnerability is caused by calling large values of the d_w, d_h, or align parameter in the functions vpx_img_alloc() and vpx_img_wrap(), leading to invalid buffer sizes and offsets.