purl | pkg:deb/debian/libvpx@1.3.0-3%2Bdeb8u1 |
Next non-vulnerable version | 1.12.0-1+deb12u3 |
Latest non-vulnerable version | 1.12.0-1+deb12u3 |
Risk | 10.0 |
Vulnerability | Summary | Fixed by |
---|---|---|
VCID-1xbq-c123-vyhw Aliases: CVE-2020-0034 | In vp8_decode_frame of decodeframe.c, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure if error correction were turned on, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1. Android ID: A-62458770 | Affected by 9 other vulnerabilities. |
VCID-2xws-bjeg-3fg3 Aliases: CVE-2019-9433 | In libvpx, there is a possible information disclosure due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-80479354 | Affected by 11 other vulnerabilities. Affected by 9 other vulnerabilities. Affected by 1 other vulnerability. |
VCID-3725-z3mj-jubv Aliases: CVE-2015-4506 | Security researcher Khalil Zhani reported that a maliciously crafted vp9 format video could be used to trigger a buffer overflow while parsing the file. This leads to a potentially exploitable crash due to a flaw in the libvpx library. In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts. | Affected by 17 other vulnerabilities. |
VCID-43gu-zkqh-fqdq Aliases: CVE-2023-44488 | VP9 in libvpx before 1.13.1 mishandles widths, leading to a crash related to encoding. | Affected by 1 other vulnerability. |
VCID-4tgt-b8dw-ckbt Aliases: CVE-2017-0393 | libvpx: Denial of service in mediaserver | Affected by 11 other vulnerabilities. |
VCID-6dz7-gtuh-dqc4 Aliases: CVE-2016-6712 | | Affected by 11 other vulnerabilities. |
VCID-7du8-y7sz-cbf3 Aliases: CVE-2019-9325 | In libvpx, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-112001302 | Affected by 11 other vulnerabilities. Affected by 9 other vulnerabilities. Affected by 1 other vulnerability. |
VCID-d9rh-3d4z-uuhv Aliases: CVE-2019-9232 | In libvpx, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-122675483 | Affected by 11 other vulnerabilities. Affected by 9 other vulnerabilities. Affected by 1 other vulnerability. |
VCID-ggnj-pb9g-bkc5 Aliases: CVE-2017-13194 | A vulnerability in the Android media framework (libvpx) related to odd frame width. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-64710201. | Affected by 11 other vulnerabilities. Affected by 9 other vulnerabilities. |
VCID-gw8f-56ya-fyaj Aliases: CVE-2025-5283 | A double-free could have occurred in `vpx_codec_enc_init_multi` after a failed allocation when initializing the encoder for WebRTC. This could have caused memory corruption and a potentially exploitable crash. | Affected by 0 other vulnerabilities. |
VCID-ndsk-7yex-pug2 Aliases: CVE-2016-3881 | | Affected by 11 other vulnerabilities. |
VCID-njs7-pzsj-kuhv Aliases: CVE-2015-1258 | | Affected by 17 other vulnerabilities. |
VCID-p4cc-9c4p-qka4 Aliases: CVE-2023-6349 | A heap overflow vulnerability exists in libvpx - Encoding a frame that has larger dimensions than the originally configured size with VP9 may result in a heap overflow in libvpx. We recommend upgrading to version 1.13.1 or above. | Affected by 1 other vulnerability. |
VCID-q4q3-5jqa-y7ew Aliases: CVE-2015-4486 | Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team used the Address Sanitizer tool to discover two buffer overflow issues in the Libvpx library used for WebM video when decoding a malformed WebM video file. These buffer overflows result in potentially exploitable crashes. | Affected by 17 other vulnerabilities. |
VCID-qq4y-61vn-pfdq Aliases: CVE-2023-5217 GHSA-qqvq-6xgj-jw8g | Specific handling of an attacker-controlled VP8 media stream could lead to a heap buffer overflow in the content process. We are aware of this issue being exploited in other products in the wild. | Affected by 1 other vulnerability. |
VCID-qsfe-bb4j-w7hh Aliases: CVE-2016-2464 | | Affected by 11 other vulnerabilities. |
VCID-sg1a-zd58-vbcb Aliases: CVE-2016-1621 | libvpx: remote code execution via crafted media file | Affected by 11 other vulnerabilities. |
VCID-sy72-pkwh-hkh9 Aliases: CVE-2015-4485 | Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team used the Address Sanitizer tool to discover two buffer overflow issues in the Libvpx library used for WebM video when decoding a malformed WebM video file. These buffer overflows result in potentially exploitable crashes. | Affected by 17 other vulnerabilities. |
VCID-wqac-7dpk-kfd6 Aliases: CVE-2016-6711 | | Affected by 11 other vulnerabilities. |
VCID-zats-61cs-r7a2 Aliases: CVE-2019-9371 | In libvpx, there is a possible resource exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-132783254 | Affected by 1 other vulnerability. |
VCID-zzv1-58zk-juge Aliases: CVE-2024-5197 | There exist integer overflows in libvpx in versions prior to 1.14.1. Calling vpx_img_alloc() with a large value of the d_w, d_h, or align parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned vpx_image_t struct may be invalid. Calling vpx_img_wrap() with a large value of the d_w, d_h, or stride_align parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned vpx_image_t struct may be invalid. We recommend upgrading to version 1.14.1 or beyond. | Affected by 1 other vulnerability. |
Vulnerability | Summary | Aliases |
---|---|---|
VCID-ggnj-pb9g-bkc5 | A vulnerability in the Android media framework (libvpx) related to odd frame width. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-64710201. | CVE-2017-13194 |