Search for packages
| purl | pkg:deb/debian/libvpx@1.7.0-3%2Bdeb10u1 |
| Next non-vulnerable version | 1.12.0-1+deb12u3 |
| Latest non-vulnerable version | 1.12.0-1+deb12u3 |
| Risk | 10.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-5ux6-q5sa-aaap
Aliases: CVE-2019-9325 |
In libvpx, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112001302 |
Affected by 1 other vulnerability. |
|
VCID-7zsc-utjq-aaaf
Aliases: CVE-2019-9371 |
In libvpx, there is a possible resource exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-132783254 |
Affected by 1 other vulnerability. |
|
VCID-9ru8-kjym-aaae
Aliases: CVE-2023-5217 GHSA-qqvq-6xgj-jw8g |
Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
Affected by 0 other vulnerabilities. Affected by 1 other vulnerability. |
|
VCID-e1b5-mfrx-aaae
Aliases: CVE-2019-9232 |
In libvpx, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-122675483 |
Affected by 1 other vulnerability. |
|
VCID-jbsd-7ptm-aaae
Aliases: CVE-2019-9433 |
In libvpx, there is a possible information disclosure due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-80479354 |
Affected by 1 other vulnerability. |
|
VCID-q9p1-841v-aaap
Aliases: CVE-2023-6349 |
A heap overflow vulnerability exists in libvpx - Encoding a frame that has larger dimensions than the originally configured size with VP9 may result in a heap overflow in libvpx. We recommend upgrading to version 1.13.1 or above |
Affected by 1 other vulnerability. |
|
VCID-rbr4-a3uc-aaap
Aliases: CVE-2023-44488 |
VP9 in libvpx before 1.13.1 mishandles widths, leading to a crash related to encoding. |
Affected by 1 other vulnerability. |
|
VCID-wwy6-zvb1-aaab
Aliases: CVE-2024-5197 |
There exists interger overflows in libvpx in versions prior to 1.14.1. Calling vpx_img_alloc() with a large value of the d_w, d_h, or align parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned vpx_image_t struct may be invalid. Calling vpx_img_wrap() with a large value of the d_w, d_h, or stride_align parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned vpx_image_t struct may be invalid. We recommend upgrading to version 1.14.1 or beyond |
Affected by 1 other vulnerability. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-3fjw-74q5-aaah | In vp8_decode_frame of decodeframe.c, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure if error correction were turned on, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1Android ID: A-62458770 |
CVE-2020-0034
|
| VCID-5ux6-q5sa-aaap | In libvpx, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112001302 |
CVE-2019-9325
|
| VCID-6u7a-r2zk-aaar | A vulnerability in the Android media framework (libvpx) related to odd frame width. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-64710201. |
CVE-2017-13194
|
| VCID-7zsc-utjq-aaaf | In libvpx, there is a possible resource exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-132783254 |
CVE-2019-9371
|
| VCID-e1b5-mfrx-aaae | In libvpx, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-122675483 |
CVE-2019-9232
|
| VCID-jbsd-7ptm-aaae | In libvpx, there is a possible information disclosure due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-80479354 |
CVE-2019-9433
|
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-06-21T23:51:18.021355+00:00 | Debian Importer | Affected by | VCID-wwy6-zvb1-aaab | https://security-tracker.debian.org/tracker/data/json | 36.1.3 |
| 2025-06-21T20:41:41.324206+00:00 | Debian Importer | Affected by | VCID-q9p1-841v-aaap | https://security-tracker.debian.org/tracker/data/json | 36.1.3 |
| 2025-06-21T18:07:17.852826+00:00 | Debian Oval Importer | Affected by | VCID-rbr4-a3uc-aaap | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.1.3 |
| 2025-06-21T18:04:31.020718+00:00 | Debian Oval Importer | Affected by | VCID-rbr4-a3uc-aaap | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T16:40:43.845168+00:00 | Debian Oval Importer | Affected by | VCID-9ru8-kjym-aaae | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T15:55:43.892105+00:00 | Debian Oval Importer | Fixing | VCID-3fjw-74q5-aaah | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T15:19:16.049236+00:00 | Debian Oval Importer | Fixing | VCID-6u7a-r2zk-aaar | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T14:29:18.884552+00:00 | Debian Oval Importer | Fixing | VCID-7zsc-utjq-aaaf | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T14:18:40.774253+00:00 | Debian Importer | Fixing | VCID-7zsc-utjq-aaaf | None | 36.1.3 |
| 2025-06-21T13:38:54.690742+00:00 | Debian Oval Importer | Fixing | VCID-jbsd-7ptm-aaae | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T13:02:58.605606+00:00 | Debian Oval Importer | Fixing | VCID-e1b5-mfrx-aaae | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T12:48:34.791373+00:00 | Debian Oval Importer | Fixing | VCID-5ux6-q5sa-aaap | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T05:06:39.636164+00:00 | Debian Oval Importer | Affected by | VCID-5ux6-q5sa-aaap | None | 36.1.3 |
| 2025-06-21T04:55:19.571039+00:00 | Debian Oval Importer | Affected by | VCID-7zsc-utjq-aaaf | None | 36.1.3 |
| 2025-06-21T04:34:21.157559+00:00 | Debian Oval Importer | Affected by | VCID-e1b5-mfrx-aaae | None | 36.1.3 |
| 2025-06-21T03:35:04.400733+00:00 | Debian Importer | Affected by | VCID-9ru8-kjym-aaae | None | 36.1.3 |
| 2025-06-21T03:13:25.060648+00:00 | Debian Oval Importer | Affected by | VCID-jbsd-7ptm-aaae | None | 36.1.3 |
| 2025-06-21T01:12:37.219267+00:00 | Debian Oval Importer | Fixing | VCID-6u7a-r2zk-aaar | None | 36.1.3 |
| 2025-06-21T01:04:12.333571+00:00 | Debian Oval Importer | Fixing | VCID-7zsc-utjq-aaaf | None | 36.1.3 |
| 2025-06-21T00:24:54.033700+00:00 | Debian Oval Importer | Fixing | VCID-3fjw-74q5-aaah | None | 36.1.3 |
| 2025-06-20T23:45:49.307905+00:00 | Debian Oval Importer | Fixing | VCID-5ux6-q5sa-aaap | None | 36.1.3 |
| 2025-06-20T21:48:57.708639+00:00 | Debian Oval Importer | Fixing | VCID-e1b5-mfrx-aaae | None | 36.1.3 |
| 2025-06-20T21:45:06.641360+00:00 | Debian Oval Importer | Fixing | VCID-jbsd-7ptm-aaae | None | 36.1.3 |
| 2025-06-08T11:49:26.897542+00:00 | Debian Oval Importer | Fixing | VCID-6u7a-r2zk-aaar | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.1.0 |
| 2025-06-08T10:38:51.586651+00:00 | Debian Oval Importer | Affected by | VCID-rbr4-a3uc-aaap | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.1.0 |
| 2025-06-08T10:36:10.460286+00:00 | Debian Oval Importer | Affected by | VCID-rbr4-a3uc-aaap | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T09:26:14.536410+00:00 | Debian Oval Importer | Affected by | VCID-9ru8-kjym-aaae | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T08:49:02.393099+00:00 | Debian Oval Importer | Fixing | VCID-3fjw-74q5-aaah | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T08:13:13.307023+00:00 | Debian Oval Importer | Fixing | VCID-6u7a-r2zk-aaar | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T07:22:21.826264+00:00 | Debian Oval Importer | Fixing | VCID-7zsc-utjq-aaaf | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T06:33:09.329397+00:00 | Debian Oval Importer | Fixing | VCID-jbsd-7ptm-aaae | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T05:57:53.453574+00:00 | Debian Oval Importer | Fixing | VCID-e1b5-mfrx-aaae | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T05:43:37.030644+00:00 | Debian Oval Importer | Fixing | VCID-5ux6-q5sa-aaap | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-07T22:44:06.368119+00:00 | Debian Oval Importer | Affected by | VCID-5ux6-q5sa-aaap | None | 36.1.0 |
| 2025-06-07T22:32:38.337835+00:00 | Debian Oval Importer | Affected by | VCID-7zsc-utjq-aaaf | None | 36.1.0 |
| 2025-06-07T22:10:50.823009+00:00 | Debian Oval Importer | Affected by | VCID-e1b5-mfrx-aaae | None | 36.1.0 |
| 2025-06-07T20:46:18.392434+00:00 | Debian Oval Importer | Affected by | VCID-jbsd-7ptm-aaae | None | 36.1.0 |
| 2025-06-07T18:35:17.013537+00:00 | Debian Oval Importer | Fixing | VCID-6u7a-r2zk-aaar | None | 36.1.0 |
| 2025-06-07T18:26:45.276058+00:00 | Debian Oval Importer | Fixing | VCID-7zsc-utjq-aaaf | None | 36.1.0 |
| 2025-06-07T17:47:41.261827+00:00 | Debian Oval Importer | Fixing | VCID-3fjw-74q5-aaah | None | 36.1.0 |
| 2025-06-07T17:08:42.261097+00:00 | Debian Oval Importer | Fixing | VCID-5ux6-q5sa-aaap | None | 36.1.0 |
| 2025-06-07T15:12:02.551982+00:00 | Debian Oval Importer | Fixing | VCID-e1b5-mfrx-aaae | None | 36.1.0 |
| 2025-06-07T15:08:07.097246+00:00 | Debian Oval Importer | Fixing | VCID-jbsd-7ptm-aaae | None | 36.1.0 |
| 2025-04-13T01:19:33.035016+00:00 | Debian Oval Importer | Affected by | VCID-wwy6-zvb1-aaab | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-13T00:51:40.728386+00:00 | Debian Oval Importer | Affected by | VCID-wwy6-zvb1-aaab | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-13T00:35:45.014518+00:00 | Debian Oval Importer | Affected by | VCID-q9p1-841v-aaap | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-13T00:35:44.246184+00:00 | Debian Oval Importer | Affected by | VCID-q9p1-841v-aaap | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-12T22:20:51.844823+00:00 | Debian Oval Importer | Affected by | VCID-jbsd-7ptm-aaae | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T22:10:16.684441+00:00 | Debian Oval Importer | Affected by | VCID-5ux6-q5sa-aaap | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T22:07:13.412810+00:00 | Debian Oval Importer | Affected by | VCID-7zsc-utjq-aaaf | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T21:38:01.445351+00:00 | Debian Oval Importer | Affected by | VCID-9ru8-kjym-aaae | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T21:12:49.639241+00:00 | Debian Oval Importer | Fixing | VCID-3fjw-74q5-aaah | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T20:21:05.545075+00:00 | Debian Oval Importer | Affected by | VCID-e1b5-mfrx-aaae | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T17:34:26.354756+00:00 | Debian Oval Importer | Fixing | VCID-6u7a-r2zk-aaar | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T16:20:28.738138+00:00 | Debian Oval Importer | Affected by | VCID-rbr4-a3uc-aaap | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T16:17:39.479252+00:00 | Debian Oval Importer | Affected by | VCID-rbr4-a3uc-aaap | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-08T07:58:35.197068+00:00 | Debian Oval Importer | Affected by | VCID-9ru8-kjym-aaae | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-08T07:20:35.686936+00:00 | Debian Oval Importer | Fixing | VCID-3fjw-74q5-aaah | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-08T06:45:03.977172+00:00 | Debian Oval Importer | Fixing | VCID-6u7a-r2zk-aaar | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-08T05:54:58.060903+00:00 | Debian Oval Importer | Fixing | VCID-7zsc-utjq-aaaf | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-08T05:05:26.054956+00:00 | Debian Oval Importer | Fixing | VCID-jbsd-7ptm-aaae | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-08T04:29:45.578397+00:00 | Debian Oval Importer | Fixing | VCID-e1b5-mfrx-aaae | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-08T04:15:21.610314+00:00 | Debian Oval Importer | Fixing | VCID-5ux6-q5sa-aaap | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-07T21:15:57.061859+00:00 | Debian Oval Importer | Affected by | VCID-5ux6-q5sa-aaap | None | 36.0.0 |
| 2025-04-07T21:04:17.058295+00:00 | Debian Oval Importer | Affected by | VCID-7zsc-utjq-aaaf | None | 36.0.0 |
| 2025-04-07T20:42:20.965149+00:00 | Debian Oval Importer | Affected by | VCID-e1b5-mfrx-aaae | None | 36.0.0 |
| 2025-04-07T19:16:49.789780+00:00 | Debian Oval Importer | Affected by | VCID-jbsd-7ptm-aaae | None | 36.0.0 |
| 2025-04-07T17:13:01.725493+00:00 | Debian Oval Importer | Fixing | VCID-6u7a-r2zk-aaar | None | 36.0.0 |
| 2025-04-07T17:04:21.429260+00:00 | Debian Oval Importer | Fixing | VCID-7zsc-utjq-aaaf | None | 36.0.0 |
| 2025-04-07T16:24:09.854971+00:00 | Debian Oval Importer | Fixing | VCID-3fjw-74q5-aaah | None | 36.0.0 |
| 2025-04-07T15:42:15.711627+00:00 | Debian Oval Importer | Fixing | VCID-5ux6-q5sa-aaap | None | 36.0.0 |
| 2025-04-07T13:43:46.625381+00:00 | Debian Oval Importer | Fixing | VCID-e1b5-mfrx-aaae | None | 36.0.0 |
| 2025-04-07T13:39:51.295433+00:00 | Debian Oval Importer | Fixing | VCID-jbsd-7ptm-aaae | None | 36.0.0 |
| 2025-04-05T19:15:21.611472+00:00 | Debian Importer | Affected by | VCID-wwy6-zvb1-aaab | https://security-tracker.debian.org/tracker/data/json | 36.0.0 |
| 2025-04-05T16:44:53.674923+00:00 | Debian Importer | Affected by | VCID-q9p1-841v-aaap | https://security-tracker.debian.org/tracker/data/json | 36.0.0 |
| 2025-04-05T10:50:58.260166+00:00 | Debian Importer | Fixing | VCID-7zsc-utjq-aaaf | None | 36.0.0 |
| 2025-04-04T06:23:34.322039+00:00 | Debian Importer | Affected by | VCID-9ru8-kjym-aaae | None | 36.0.0 |
| 2025-02-22T05:31:48.512191+00:00 | Debian Importer | Affected by | VCID-wwy6-zvb1-aaab | https://security-tracker.debian.org/tracker/data/json | 35.1.0 |
| 2025-02-21T17:28:21.477105+00:00 | Debian Importer | Affected by | VCID-q9p1-841v-aaap | https://security-tracker.debian.org/tracker/data/json | 35.1.0 |
| 2025-02-21T15:08:42.208549+00:00 | Debian Importer | Affected by | VCID-9ru8-kjym-aaae | None | 35.1.0 |
| 2025-02-19T11:03:48.511053+00:00 | Debian Importer | Fixing | VCID-7zsc-utjq-aaaf | None | 35.1.0 |
| 2024-12-15T18:57:17.074355+00:00 | Debian Importer | Affected by | VCID-wwy6-zvb1-aaab | https://security-tracker.debian.org/tracker/data/json | 35.0.0 |
| 2024-11-24T06:08:20.206742+00:00 | Debian Importer | Affected by | VCID-q9p1-841v-aaap | https://security-tracker.debian.org/tracker/data/json | 35.0.0 |
| 2024-11-22T08:22:17.867346+00:00 | Debian Importer | Fixing | VCID-7zsc-utjq-aaaf | None | 35.0.0 |
| 2024-11-20T06:44:30.798651+00:00 | Debian Importer | Fixing | VCID-7zsc-utjq-aaaf | None | 34.3.2 |
| 2024-10-11T02:58:37.782574+00:00 | Debian Importer | Affected by | VCID-q9p1-841v-aaap | https://security-tracker.debian.org/tracker/data/json | 34.0.2 |
| 2024-10-09T07:23:46.551032+00:00 | Debian Importer | Fixing | VCID-7zsc-utjq-aaaf | None | 34.0.2 |
| 2024-09-25T22:15:17.965882+00:00 | Debian Importer | Affected by | VCID-wwy6-zvb1-aaab | https://security-tracker.debian.org/tracker/data/json | 34.0.1 |
| 2024-09-20T07:12:56.820624+00:00 | Debian Importer | Affected by | VCID-q9p1-841v-aaap | https://security-tracker.debian.org/tracker/data/json | 34.0.1 |
| 2024-09-18T18:17:58.618743+00:00 | Debian Importer | Fixing | VCID-7zsc-utjq-aaaf | None | 34.0.1 |
| 2024-05-20T15:12:22.525644+00:00 | Debian Importer | Affected by | VCID-9ru8-kjym-aaae | None | 34.0.0rc4 |
| 2024-04-24T16:43:54.982463+00:00 | Debian Importer | Fixing | VCID-7zsc-utjq-aaaf | None | 34.0.0rc4 |
| 2024-01-10T18:44:52.634679+00:00 | Debian Importer | Fixing | VCID-7zsc-utjq-aaaf | None | 34.0.0rc2 |
| 2024-01-04T08:14:17.595648+00:00 | Debian Importer | Fixing | VCID-7zsc-utjq-aaaf | None | 34.0.0rc1 |