7.5

CVE-2023-44488

VP9 in libvpx before 1.13.1 mishandles widths, leading to a crash related to encoding.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
WebmprojectLibvpx Version < 1.13.1
RedhatEnterprise Linux Version8.0
RedhatEnterprise Linux Version9.0
DebianDebian Linux Version10.0
DebianDebian Linux Version11.0
DebianDebian Linux Version12.0
FedoraprojectFedora Version37
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.94% 0.774
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-755 Improper Handling of Exceptional Conditions

The product does not handle or incorrectly handles an exceptional condition.

http://www.openwall.com/lists/oss-security/2023/09/30/4
Third Party Advisory
Mailing List
https://github.com/webmproject/libvpx/releases/tag/v1.13.1
Release Notes
https://lists.debian.org/debian-lts-announce/2023/10/msg00001.html
Mailing List
https://security.gentoo.org/glsa/202310-04
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2241806
Patch
Third Party Advisory
Issue Tracking
https://github.com/webmproject/libvpx/commit/263682c9a29395055f3b3afe2d97be1828a6223f
Patch
https://github.com/webmproject/libvpx/commit/df9fd9d5b7325060b2b921558a1eb20ca7880937
Patch
https://github.com/webmproject/libvpx/compare/v1.13.0...v1.13.1
Patch
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TE7F54W5O5RS4ZMAAC7YK3CZWQXIDSKB/
Third Party Advisory
Mailing List
https://www.debian.org/security/2023/dsa-5518
Third Party Advisory