{"url":"http://public2.vulnerablecode.io/api/packages/6185?format=json","purl":"pkg:deb/debian/libvpx@1.3.0-3","type":"deb","namespace":"debian","name":"libvpx","version":"1.3.0-3","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"1.6.0-2~bpo8+1","latest_non_vulnerable_version":"1.6.0-2~bpo8+1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3079?format=json","vulnerability_id":"VCID-2crz-j51e-byc3","summary":"Security researcher Abhishek Arya (Inferno) of the Google\nChrome Security Team used the Address Sanitizer tool to discover two buffer\noverflow issues in the Libvpx library used for WebM video when decoding a\nmalformed WebM video file. These buffer overflows result in potentially\nexploitable crashes.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4485","reference_id":"CVE-2015-4485","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4485"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-89","reference_id":"mfsa2015-89","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-89"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6187?format=json","purl":"pkg:deb/debian/libvpx@1.6.0-2~bpo8%2B1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvpx@1.6.0-2~bpo8%252B1"}],"aliases":["CVE-2015-4485"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2crz-j51e-byc3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2966?format=json","vulnerability_id":"VCID-cwdt-7ey1-5bax","summary":"Security researcher Khalil Zhani reported that a maliciously crafted\nvp9 format video could be used to trigger a buffer overflow while parsing the file. This\nleads to a potentially exploitable crash due to a flaw in the libvpx library. \nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4506","reference_id":"CVE-2015-4506","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4506"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-101","reference_id":"mfsa2015-101","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-101"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6187?format=json","purl":"pkg:deb/debian/libvpx@1.6.0-2~bpo8%2B1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvpx@1.6.0-2~bpo8%252B1"}],"aliases":["CVE-2015-4506"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cwdt-7ey1-5bax"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3080?format=json","vulnerability_id":"VCID-ew15-2e35-p3g1","summary":"Security researcher Abhishek Arya (Inferno) of the Google\nChrome Security Team used the Address Sanitizer tool to discover two buffer\noverflow issues in the Libvpx library used for WebM video when decoding a\nmalformed WebM video file. These buffer overflows result in potentially\nexploitable crashes.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4486","reference_id":"CVE-2015-4486","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4486"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-89","reference_id":"mfsa2015-89","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-89"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6187?format=json","purl":"pkg:deb/debian/libvpx@1.6.0-2~bpo8%2B1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvpx@1.6.0-2~bpo8%252B1"}],"aliases":["CVE-2015-4486"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ew15-2e35-p3g1"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2692?format=json","vulnerability_id":"VCID-j7uq-j289-zyff","summary":"Using the Address Sanitizer tool, security researcher Abhishek\nArya (Inferno) of the Google Chrome Security Team found an\nout-of-bounds write when buffering WebM format video containing frames with\ninvalid tile sizes. This can lead to a potentially exploitable crash during WebM\nvideo playback.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1578","reference_id":"CVE-2014-1578","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1578"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2014-77","reference_id":"mfsa2014-77","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2014-77"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6185?format=json","purl":"pkg:deb/debian/libvpx@1.3.0-3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2crz-j51e-byc3"},{"vulnerability":"VCID-cwdt-7ey1-5bax"},{"vulnerability":"VCID-ew15-2e35-p3g1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvpx@1.3.0-3"}],"aliases":["CVE-2014-1578"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j7uq-j289-zyff"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvpx@1.3.0-3"}