GSD-2023-44488 — Vulnetix

GSD-2023-44488 PUBLISHED

VP9 in libvpx before 1.13.1 mishandles widths, leading to a crash related to encoding.

Affected Products

Vendor	Product	Versions
n/a	n/a	*

Timeline

Sep 1, 2023 CVE Published
Apr 3, 2026 Distribution Patch
Apr 3, 2026 Security Advisory
Apr 3, 2026 Security Advisory

References

https://github.com/webmproject/libvpx/commit/df9fd9d5b7325060b2b921558a1eb20ca7880937 url
https://github.com/webmproject/libvpx/commit/263682c9a29395055f3b3afe2d97be1828a6223f url
https://github.com/webmproject/libvpx/compare/v1.13.0...v1.13.1 url
https://github.com/webmproject/libvpx/releases/tag/v1.13.1 url
[oss-security] 20230930 Re: CVE-2023-5217: Heap buffer overflow in vp8 encoding in libvpx mailing-list
[debian-lts-announce] 20231001 [SECURITY] [DLA 3598-1] libvpx security update mailing-list
https://bugzilla.redhat.com/show_bug.cgi?id=2241806 url
GLSA-202310-04 vendor-advisory
DSA-5518 vendor-advisory
FEDORA-2023-f696934fbf vendor-advisory

Open in Interactive Console →

$ Console Community · 100/wk Open console ›