CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-5197 – Integer overflow in libvpx
https://notcve.org/view.php?id=CVE-2024-5197
03 Jun 2024 — There exists interger overflows in libvpx in versions prior to 1.14.1. Calling vpx_img_alloc() with a large value of the d_w, d_h, or align parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned vpx_image_t struct may be invalid. Calling vpx_img_wrap() with a large value of the d_w, d_h, or stride_align parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned vpx_image_t struct... • https://g-issues.chromium.org/issues/332382766 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2023-44488 – libvpx: crash related to VP9 encoding in libvpx
https://notcve.org/view.php?id=CVE-2023-44488
30 Sep 2023 — VP9 in libvpx before 1.13.1 mishandles widths, leading to a crash related to encoding. VP9 en libvpx anterior a 1.13.1 maneja mal las anchuras, lo que provoca un bloqueo relacionado con la codificación. A heap-based buffer overflow flaw was found in libvpx, a library used to process VP9 video codecs data. This issue occurs when processing certain specially formatted video data via a crafted HTML page, allowing an attacker to crash or remotely execute arbitrary code in an application, such as a web browser t... • http://www.openwall.com/lists/oss-security/2023/09/30/4 • CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 10.0EPSS: 1%CPEs: 25EXPL: 2CVE-2023-5217 – Google Chromium libvpx Heap Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2023-5217
28 Sep 2023 — Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) El desbordamiento del búfer en la codificación vp8 en libvpx en Google Chrome anterior a 117.0.5938.132 y libvpx 1.13.1 permitía a un atacante remoto explotar potencialmente la corrupción del montón a través de una página HTML manipulada. (Severidad de seguridad de Chrome: alta) A... • https://github.com/UT-Security/cve-2023-5217-poc • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 1%CPEs: 7EXPL: 0CVE-2012-0823
https://notcve.org/view.php?id=CVE-2012-0823
23 Feb 2012 — VP8 Codec SDK (libvpx) before 1.0.0 "Duclair" allows remote attackers to cause a denial of service (application crash) via (1) unspecified "corrupt input" or (2) by "starting decoding from a P-frame," which triggers an out-of-bounds read, related to "the clamping of motion vectors in SPLITMV blocks". VP8 Codec SDK (libvpx) anterior a v1.0.0 "Duclair" permite a atacantes remotos causar una denegación de servicio (caída de aplicación) a través de (1) no especificado "de entrada corrupta" o (2), "a partir de l... • http://blog.webmproject.org/2012/01/vp8-codec-sdk-duclair-released.html • CWE-20: Improper Input Validation •