CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-5197 – Integer overflow in libvpx
https://notcve.org/view.php?id=CVE-2024-5197
03 Jun 2024 — There exists interger overflows in libvpx in versions prior to 1.14.1. Calling vpx_img_alloc() with a large value of the d_w, d_h, or align parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned vpx_image_t struct may be invalid. Calling vpx_img_wrap() with a large value of the d_w, d_h, or stride_align parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned vpx_image_t struct... • https://g-issues.chromium.org/issues/332382766 • CWE-190: Integer Overflow or Wraparound •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-6349 – Heap overflow in libvpx
https://notcve.org/view.php?id=CVE-2023-6349
27 May 2024 — A heap overflow vulnerability exists in libvpx - Encoding a frame that has larger dimensions than the originally configured size with VP9 may result in a heap overflow in libvpx. We recommend upgrading to version 1.13.1 or above Existe una vulnerabilidad de desbordamiento de montón en libvpx codificar un frame que tiene dimensiones mayores que el tamaño configurado originalmente con VP9 puede resultar en un desbordamiento de montón en libvpx. Recomendamos actualizar a la versión 1.13.1 o superior. A flaw wa... • https://crbug.com/webm/1642 • CWE-122: Heap-based Buffer Overflow •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2023-44488 – libvpx: crash related to VP9 encoding in libvpx
https://notcve.org/view.php?id=CVE-2023-44488
30 Sep 2023 — VP9 in libvpx before 1.13.1 mishandles widths, leading to a crash related to encoding. VP9 en libvpx anterior a 1.13.1 maneja mal las anchuras, lo que provoca un bloqueo relacionado con la codificación. A heap-based buffer overflow flaw was found in libvpx, a library used to process VP9 video codecs data. This issue occurs when processing certain specially formatted video data via a crafted HTML page, allowing an attacker to crash or remotely execute arbitrary code in an application, such as a web browser t... • http://www.openwall.com/lists/oss-security/2023/09/30/4 • CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 10.0EPSS: 1%CPEs: 25EXPL: 2CVE-2023-5217 – Google Chromium libvpx Heap Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2023-5217
28 Sep 2023 — Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) El desbordamiento del búfer en la codificación vp8 en libvpx en Google Chrome anterior a 117.0.5938.132 y libvpx 1.13.1 permitía a un atacante remoto explotar potencialmente la corrupción del montón a través de una página HTML manipulada. (Severidad de seguridad de Chrome: alta) A... • https://github.com/UT-Security/cve-2023-5217-poc • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •