Описание
Use after free in libvpx in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
A flaw was found in libvpx. A double-free issue can occur in vpx_codec_enc_init_multi after a failed allocation when initializing the encoder for WebRTC. This can cause memory corruption and an exploitable crash.
Отчет
This vulnerability marked as Important rather than Moderate due to the nature of the flaw, a double-free in vpx_codec_enc_init_multi, which can lead to heap memory corruption. Double-free issues compromise memory integrity and are often a precursor to use-after-free or arbitrary code execution vulnerabilities, particularly in applications written in C/C++ that lack memory safety guarantees. In this case, the vulnerability occurs during encoder initialization for WebRTC, a high-frequency, remotely triggerable code path in browsers like Firefox. Because the failure happens after a failed allocation, it exposes a non-trivial edge case in error handling, which can be difficult to audit and reliably mitigate. The risk is elevated by the fact that WebRTC handles untrusted input from remote peers, making the flaw remotely exploitable in real-world scenarios.
Меры по смягчению последствий
Mitigation is either unavailable or does not meet Red Hat Product Security standards for usability, deployment, applicability, or stability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 10 | rhel10/firefox-flatpak | Affected | ||
| Red Hat Enterprise Linux 10 | rhel10/thunderbird-flatpak | Affected | ||
| Red Hat Enterprise Linux 6 | libvpx | Out of support scope | ||
| Red Hat Enterprise Linux 10 | firefox | Fixed | RHSA-2025:8341 | 02.06.2025 |
| Red Hat Enterprise Linux 10 | thunderbird | Fixed | RHSA-2025:8608 | 05.06.2025 |
| Red Hat Enterprise Linux 10 | libvpx | Fixed | RHSA-2025:9120 | 16.06.2025 |
| Red Hat Enterprise Linux 7 Extended Lifecycle Support | firefox | Fixed | RHSA-2025:9074 | 16.06.2025 |
| Red Hat Enterprise Linux 7 Extended Lifecycle Support | libvpx | Fixed | RHSA-2025:9331 | 23.06.2025 |
| Red Hat Enterprise Linux 8 | firefox | Fixed | RHSA-2025:8308 | 29.05.2025 |
| Red Hat Enterprise Linux 8 | thunderbird | Fixed | RHSA-2025:8756 | 10.06.2025 |
Показывать по
Ссылки на источники
Дополнительная информация
Статус:
EPSS
8.1 High
CVSS3
Связанные уязвимости
Use after free in libvpx in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Use after free in libvpx in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Use after free in libvpx in Google Chrome prior to 137.0.7151.55 allow ...
Use after free in libvpx in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
EPSS
8.1 High
CVSS3