8.8

CVE-2026-2447

Heap buffer overflow in libvpx

Heap buffer overflow in libvpx. This vulnerability was fixed in Firefox 147.0.4, Firefox ESR 140.7.1, Firefox ESR 115.32.1, Thunderbird 140.7.2, and Thunderbird 147.0.2.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MozillaFirefox SwEditionesr Version < 115.32.1
MozillaFirefox SwEdition- Version < 147.0.4
MozillaFirefox SwEditionesr Version >= 116.0 < 140.7.1
MozillaThunderbird Version < 140.7.2
MozillaThunderbird Version >= 141.0 < 147.0.2
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.02% 0.052
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.8 2.8 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE-122 Heap-based Buffer Overflow

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

https://bugzilla.mozilla.org/show_bug.cgi?id=2014390
Issue Tracking
Permissions Required