8.8

CVE-2026-2447

Heap buffer overflow in libvpx

Heap buffer overflow in libvpx. This vulnerability was fixed in Firefox 147.0.4, Firefox ESR 140.7.1, Firefox ESR 115.32.1, Thunderbird 140.7.2, and Thunderbird 147.0.2.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MozillaFirefox SwEditionesr Version < 115.32.1
MozillaFirefox SwEdition- Version < 147.0.4
MozillaFirefox SwEditionesr Version >= 116.0 < 140.7.1
MozillaThunderbird Version < 140.7.2
MozillaThunderbird Version >= 141.0 < 147.0.2
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.6% 0.442
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.8 2.8 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
0b0ca135-0b70-47e7-9f44-1890c2a1c46c 7.5 1.6 5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE-122 Heap-based Buffer Overflow

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

https://bugzilla.mozilla.org/show_bug.cgi?id=2014390
Issue Tracking
Permissions Required
https://www.mozilla.org/security/advisories/mfsa2026-10/
Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2026-11/
Vendor Advisory
https://lists.debian.org/debian-lts-announce/2026/02/msg00028.html
https://access.redhat.com/errata/RHSA-2026:8747
https://access.redhat.com/errata/RHSA-2026:8746
https://access.redhat.com/errata/RHSA-2026:8748
https://access.redhat.com/errata/RHSA-2026:16174
https://access.redhat.com/errata/RHSA-2026:3338
https://access.redhat.com/errata/RHSA-2026:3339
https://access.redhat.com/errata/RHSA-2026:3361
https://access.redhat.com/errata/RHSA-2026:3491
https://access.redhat.com/errata/RHSA-2026:3492
https://access.redhat.com/errata/RHSA-2026:3493
https://access.redhat.com/errata/RHSA-2026:3494
https://access.redhat.com/errata/RHSA-2026:3495
https://access.redhat.com/errata/RHSA-2026:3496
https://access.redhat.com/errata/RHSA-2026:3497
https://access.redhat.com/errata/RHSA-2026:3515
https://access.redhat.com/errata/RHSA-2026:3516
https://access.redhat.com/errata/RHSA-2026:3517
https://access.redhat.com/errata/RHSA-2026:3967
https://access.redhat.com/errata/RHSA-2026:3976
https://access.redhat.com/errata/RHSA-2026:3978
https://access.redhat.com/errata/RHSA-2026:3979
https://access.redhat.com/errata/RHSA-2026:3980
https://access.redhat.com/errata/RHSA-2026:3981
https://access.redhat.com/errata/RHSA-2026:3982
https://access.redhat.com/errata/RHSA-2026:3983
https://access.redhat.com/errata/RHSA-2026:3984
https://access.redhat.com/errata/RHSA-2026:4022
https://access.redhat.com/errata/RHSA-2026:4152
https://access.redhat.com/errata/RHSA-2026:4260
https://access.redhat.com/errata/RHSA-2026:4432
https://access.redhat.com/errata/RHSA-2026:4447
https://access.redhat.com/errata/RHSA-2026:4629
https://access.redhat.com/errata/RHSA-2026:5227
https://access.redhat.com/errata/RHSA-2026:5228
https://access.redhat.com/errata/RHSA-2026:5229
https://access.redhat.com/errata/RHSA-2026:5230
https://access.redhat.com/errata/RHSA-2026:5231
https://access.redhat.com/errata/RHSA-2026:5319
https://access.redhat.com/errata/RHSA-2026:5320
https://access.redhat.com/errata/RHSA-2026:5323
https://access.redhat.com/errata/RHSA-2026:5324
https://access.redhat.com/errata/RHSA-2026:5326
https://access.redhat.com/security/cve/CVE-2026-2447
https://bugzilla.redhat.com/show_bug.cgi?id=2440219
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-2447.json