Search for packages
| purl | pkg:deb/debian/libvpx@1.6.1-2~bpo8%2B1 |
| Next non-vulnerable version | 1.12.0-1+deb12u3 |
| Latest non-vulnerable version | 1.12.0-1+deb12u3 |
| Risk | 10.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-1xbq-c123-vyhw
Aliases: CVE-2020-0034 |
In vp8_decode_frame of decodeframe.c, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure if error correction were turned on, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1Android ID: A-62458770 |
Affected by 9 other vulnerabilities. |
|
VCID-2xws-bjeg-3fg3
Aliases: CVE-2019-9433 |
In libvpx, there is a possible information disclosure due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-80479354 |
Affected by 11 other vulnerabilities. Affected by 9 other vulnerabilities. Affected by 1 other vulnerability. |
|
VCID-43gu-zkqh-fqdq
Aliases: CVE-2023-44488 |
VP9 in libvpx before 1.13.1 mishandles widths, leading to a crash related to encoding. |
Affected by 1 other vulnerability. |
|
VCID-7du8-y7sz-cbf3
Aliases: CVE-2019-9325 |
In libvpx, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112001302 |
Affected by 11 other vulnerabilities. Affected by 9 other vulnerabilities. Affected by 1 other vulnerability. |
|
VCID-d9rh-3d4z-uuhv
Aliases: CVE-2019-9232 |
In libvpx, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-122675483 |
Affected by 11 other vulnerabilities. Affected by 9 other vulnerabilities. Affected by 1 other vulnerability. |
|
VCID-ggnj-pb9g-bkc5
Aliases: CVE-2017-13194 |
A vulnerability in the Android media framework (libvpx) related to odd frame width. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-64710201. |
Affected by 11 other vulnerabilities. Affected by 9 other vulnerabilities. |
|
VCID-gw8f-56ya-fyaj
Aliases: CVE-2025-5283 |
A double-free could have occurred in `vpx_codec_enc_init_multi` after a failed allocation when initializing the encoder for WebRTC. This could have caused memory corruption and a potentially exploitable crash. |
Affected by 0 other vulnerabilities. |
|
VCID-p4cc-9c4p-qka4
Aliases: CVE-2023-6349 |
A heap overflow vulnerability exists in libvpx - Encoding a frame that has larger dimensions than the originally configured size with VP9 may result in a heap overflow in libvpx. We recommend upgrading to version 1.13.1 or above |
Affected by 1 other vulnerability. |
|
VCID-qq4y-61vn-pfdq
Aliases: CVE-2023-5217 GHSA-qqvq-6xgj-jw8g |
Specific handling of an attacker-controlled VP8 media stream could lead to a heap buffer overflow in the content process. We are aware of this issue being exploited in other products in the wild. |
Affected by 1 other vulnerability. |
|
VCID-zats-61cs-r7a2
Aliases: CVE-2019-9371 |
In libvpx, there is a possible resource exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-132783254 |
Affected by 1 other vulnerability. |
|
VCID-zzv1-58zk-juge
Aliases: CVE-2024-5197 |
There exists interger overflows in libvpx in versions prior to 1.14.1. Calling vpx_img_alloc() with a large value of the d_w, d_h, or align parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned vpx_image_t struct may be invalid. Calling vpx_img_wrap() with a large value of the d_w, d_h, or stride_align parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned vpx_image_t struct may be invalid. We recommend upgrading to version 1.14.1 or beyond |
Affected by 1 other vulnerability. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-4tgt-b8dw-ckbt | libvpx: Denial of service in mediaserver |
CVE-2017-0393
|
| VCID-6dz7-gtuh-dqc4 |
CVE-2016-6712
|
|
| VCID-ndsk-7yex-pug2 |
CVE-2016-3881
|
|
| VCID-qsfe-bb4j-w7hh |
CVE-2016-2464
|
|
| VCID-sg1a-zd58-vbcb | libvpx: remote code execution via crafted media file |
CVE-2016-1621
|
| VCID-wqac-7dpk-kfd6 |
CVE-2016-6711
|