CVE-2024-5197
- EPSS 0.22%
- Published 03.06.2024 14:15:09
- Last modified 22.07.2025 18:17:56
There exists interger overflows in libvpx in versions prior to 1.14.1. Calling vpx_img_alloc() with a large value of the d_w, d_h, or align parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of t...
CVE-2023-6349
- EPSS 0.08%
- Published 27.05.2024 12:15:08
- Last modified 22.07.2025 20:08:40
A heap overflow vulnerability exists in libvpx - Encoding a frame that has larger dimensions than the originally configured size with VP9 may result in a heap overflow in libvpx. We recommend upgrading to version 1.13.1 or above
CVE-2023-44488
- EPSS 0.82%
- Published 30.09.2023 20:15:10
- Last modified 21.11.2024 08:25:59
VP9 in libvpx before 1.13.1 mishandles widths, leading to a crash related to encoding.
CVE-2023-5217
- EPSS 1.8%
- Published 28.09.2023 16:15:10
- Last modified 03.04.2025 18:55:36
Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- EPSS 1.21%
- Published 23.02.2012 20:07:32
- Last modified 11.04.2025 00:51:21
VP8 Codec SDK (libvpx) before 1.0.0 "Duclair" allows remote attackers to cause a denial of service (application crash) via (1) unspecified "corrupt input" or (2) by "starting decoding from a P-frame," which triggers an out-of-bounds read, related to ...
- EPSS 8.12%
- Published 06.11.2010 00:00:03
- Last modified 11.04.2025 00:51:21
WebM libvpx (aka the VP8 Codec SDK) before 0.9.5, as used in Google Chrome before 7.0.517.44, allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via invalid frames.