Описание
VP9 in libvpx before 1.13.1 mishandles widths, leading to a crash related to encoding.
A heap-based buffer overflow flaw was found in libvpx, a library used to process VP9 video codecs data. This issue occurs when processing certain specially formatted video data via a crafted HTML page, allowing an attacker to crash or remotely execute arbitrary code in an application, such as a web browser that is compiled with this library.
Отчет
This security issue has been classified as having an Important security impact. Desktop users are at a high risk of exploitation of this flaw with very minimal interaction. It may compromise the confidentiality, integrity, or availability of resources. Customers using this application, which does server-side video codecs by linking to the libvpx library, are also potentially impacted by this flaw and are advised to update to the fixed versions of the package.
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | libvpx | Not affected | ||
| Red Hat Enterprise Linux 7 | libvpx | Not affected | ||
| Red Hat Enterprise Linux 7 | thunderbird | Affected | ||
| Red Hat Enterprise Linux 9 | firefox:flatpak/firefox | Affected | ||
| Red Hat Enterprise Linux 9 | thunderbird:flatpak/thunderbird | Affected | ||
| Red Hat Enterprise Linux 7 | firefox | Fixed | RHSA-2023:6162 | 30.10.2023 |
| Red Hat Enterprise Linux 8 | libvpx | Fixed | RHSA-2023:5537 | 09.10.2023 |
| Red Hat Enterprise Linux 8 | firefox | Fixed | RHSA-2023:6187 | 30.10.2023 |
| Red Hat Enterprise Linux 8 | thunderbird | Fixed | RHSA-2023:6194 | 30.10.2023 |
| Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions | libvpx | Fixed | RHSA-2023:5535 | 09.10.2023 |
Показывать по
Дополнительная информация
Статус:
EPSS
7.5 High
CVSS3
Связанные уязвимости
VP9 in libvpx before 1.13.1 mishandles widths, leading to a crash related to encoding.
VP9 in libvpx before 1.13.1 mishandles widths, leading to a crash related to encoding.
VP9 in libvpx before 1.13.1 mishandles widths, leading to a crash rela ...
VP9 in libvpx before 1.13.1 mishandles widths, leading to a crash related to encoding.
Уязвимость библиотеки мультимедиа libvpx, связанная с некорректной обработкой исключительных состояний при обработке определенных видеоданных специального формата, позволяющая нарушителю вызвать отказ в обслуживании
EPSS
7.5 High
CVSS3