{"url":"http://public2.vulnerablecode.io/api/packages/6187?format=json","purl":"pkg:deb/debian/libvpx@1.6.0-2~bpo8%2B1","type":"deb","namespace":"debian","name":"libvpx","version":"1.6.0-2~bpo8+1","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3079?format=json","vulnerability_id":"VCID-2crz-j51e-byc3","summary":"Security researcher Abhishek Arya (Inferno) of the Google\nChrome Security Team used the Address Sanitizer tool to discover two buffer\noverflow issues in the Libvpx library used for WebM video when decoding a\nmalformed WebM video file. These buffer overflows result in potentially\nexploitable crashes.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4485","reference_id":"CVE-2015-4485","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4485"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-89","reference_id":"mfsa2015-89","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-89"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6187?format=json","purl":"pkg:deb/debian/libvpx@1.6.0-2~bpo8%2B1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvpx@1.6.0-2~bpo8%252B1"}],"aliases":["CVE-2015-4485"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2crz-j51e-byc3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2966?format=json","vulnerability_id":"VCID-cwdt-7ey1-5bax","summary":"Security researcher Khalil Zhani reported that a maliciously crafted\nvp9 format video could be used to trigger a buffer overflow while parsing the file. This\nleads to a potentially exploitable crash due to a flaw in the libvpx library. \nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4506","reference_id":"CVE-2015-4506","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4506"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-101","reference_id":"mfsa2015-101","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-101"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6187?format=json","purl":"pkg:deb/debian/libvpx@1.6.0-2~bpo8%2B1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvpx@1.6.0-2~bpo8%252B1"}],"aliases":["CVE-2015-4506"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cwdt-7ey1-5bax"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3080?format=json","vulnerability_id":"VCID-ew15-2e35-p3g1","summary":"Security researcher Abhishek Arya (Inferno) of the Google\nChrome Security Team used the Address Sanitizer tool to discover two buffer\noverflow issues in the Libvpx library used for WebM video when decoding a\nmalformed WebM video file. These buffer overflows result in potentially\nexploitable crashes.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4486","reference_id":"CVE-2015-4486","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4486"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-89","reference_id":"mfsa2015-89","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-89"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6187?format=json","purl":"pkg:deb/debian/libvpx@1.6.0-2~bpo8%2B1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvpx@1.6.0-2~bpo8%252B1"}],"aliases":["CVE-2015-4486"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ew15-2e35-p3g1"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvpx@1.6.0-2~bpo8%252B1"}