Search for packages
| purl | pkg:deb/debian/libvpx@1.9.0-1%2Bdeb11u3 |
| Next non-vulnerable version | 1.12.0-1+deb12u3 |
| Latest non-vulnerable version | 1.12.0-1+deb12u3 |
| Risk | 4.5 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-wf3e-41zq-a3h1
Aliases: CVE-2025-5283 |
Use after free in libvpx in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-5ux6-q5sa-aaap | In libvpx, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112001302 |
CVE-2019-9325
|
| VCID-7zsc-utjq-aaaf | In libvpx, there is a possible resource exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-132783254 |
CVE-2019-9371
|
| VCID-9ru8-kjym-aaae | Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
CVE-2023-5217
GHSA-qqvq-6xgj-jw8g |
| VCID-e1b5-mfrx-aaae | In libvpx, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-122675483 |
CVE-2019-9232
|
| VCID-jbsd-7ptm-aaae | In libvpx, there is a possible information disclosure due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-80479354 |
CVE-2019-9433
|
| VCID-q9p1-841v-aaap | A heap overflow vulnerability exists in libvpx - Encoding a frame that has larger dimensions than the originally configured size with VP9 may result in a heap overflow in libvpx. We recommend upgrading to version 1.13.1 or above |
CVE-2023-6349
|
| VCID-rbr4-a3uc-aaap | VP9 in libvpx before 1.13.1 mishandles widths, leading to a crash related to encoding. |
CVE-2023-44488
|
| VCID-wwy6-zvb1-aaab | There exists interger overflows in libvpx in versions prior to 1.14.1. Calling vpx_img_alloc() with a large value of the d_w, d_h, or align parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned vpx_image_t struct may be invalid. Calling vpx_img_wrap() with a large value of the d_w, d_h, or stride_align parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned vpx_image_t struct may be invalid. We recommend upgrading to version 1.14.1 or beyond |
CVE-2024-5197
|
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-06-21T23:51:18.023974+00:00 | Debian Importer | Fixing | VCID-wwy6-zvb1-aaab | https://security-tracker.debian.org/tracker/data/json | 36.1.3 |
| 2025-06-21T20:41:41.326420+00:00 | Debian Importer | Fixing | VCID-q9p1-841v-aaap | https://security-tracker.debian.org/tracker/data/json | 36.1.3 |
| 2025-06-21T18:07:17.854673+00:00 | Debian Oval Importer | Fixing | VCID-rbr4-a3uc-aaap | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.1.3 |
| 2025-06-21T18:04:31.022990+00:00 | Debian Oval Importer | Fixing | VCID-rbr4-a3uc-aaap | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T16:40:43.847451+00:00 | Debian Oval Importer | Fixing | VCID-9ru8-kjym-aaae | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T05:48:13.394238+00:00 | Debian Importer | Affected by | VCID-wf3e-41zq-a3h1 | https://security-tracker.debian.org/tracker/data/json | 36.1.3 |
| 2025-06-21T05:06:39.638131+00:00 | Debian Oval Importer | Fixing | VCID-5ux6-q5sa-aaap | None | 36.1.3 |
| 2025-06-21T04:55:19.573917+00:00 | Debian Oval Importer | Fixing | VCID-7zsc-utjq-aaaf | None | 36.1.3 |
| 2025-06-21T04:34:21.159569+00:00 | Debian Oval Importer | Fixing | VCID-e1b5-mfrx-aaae | None | 36.1.3 |
| 2025-06-21T03:35:04.402915+00:00 | Debian Importer | Fixing | VCID-9ru8-kjym-aaae | None | 36.1.3 |
| 2025-06-21T03:13:25.062780+00:00 | Debian Oval Importer | Fixing | VCID-jbsd-7ptm-aaae | None | 36.1.3 |
| 2025-06-08T10:38:51.588533+00:00 | Debian Oval Importer | Fixing | VCID-rbr4-a3uc-aaap | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.1.0 |
| 2025-06-08T10:36:10.462116+00:00 | Debian Oval Importer | Fixing | VCID-rbr4-a3uc-aaap | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T09:26:14.537999+00:00 | Debian Oval Importer | Fixing | VCID-9ru8-kjym-aaae | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-07T22:44:06.369765+00:00 | Debian Oval Importer | Fixing | VCID-5ux6-q5sa-aaap | None | 36.1.0 |
| 2025-06-07T22:32:38.339585+00:00 | Debian Oval Importer | Fixing | VCID-7zsc-utjq-aaaf | None | 36.1.0 |
| 2025-06-07T22:10:50.826116+00:00 | Debian Oval Importer | Fixing | VCID-e1b5-mfrx-aaae | None | 36.1.0 |
| 2025-06-07T20:46:18.394388+00:00 | Debian Oval Importer | Fixing | VCID-jbsd-7ptm-aaae | None | 36.1.0 |
| 2025-05-31T20:11:50.527423+00:00 | Debian Importer | Affected by | VCID-wf3e-41zq-a3h1 | https://security-tracker.debian.org/tracker/data/json | 36.0.0 |
| 2025-04-13T01:19:33.040208+00:00 | Debian Oval Importer | Fixing | VCID-wwy6-zvb1-aaab | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-13T00:51:40.733336+00:00 | Debian Oval Importer | Fixing | VCID-wwy6-zvb1-aaab | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-13T00:35:45.019780+00:00 | Debian Oval Importer | Fixing | VCID-q9p1-841v-aaap | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-13T00:35:44.251264+00:00 | Debian Oval Importer | Fixing | VCID-q9p1-841v-aaap | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-12T22:20:51.849759+00:00 | Debian Oval Importer | Fixing | VCID-jbsd-7ptm-aaae | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T22:10:16.689449+00:00 | Debian Oval Importer | Fixing | VCID-5ux6-q5sa-aaap | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T22:07:13.417876+00:00 | Debian Oval Importer | Fixing | VCID-7zsc-utjq-aaaf | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T21:38:01.450181+00:00 | Debian Oval Importer | Fixing | VCID-9ru8-kjym-aaae | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T20:21:05.549991+00:00 | Debian Oval Importer | Fixing | VCID-e1b5-mfrx-aaae | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T16:20:28.742992+00:00 | Debian Oval Importer | Fixing | VCID-rbr4-a3uc-aaap | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T16:17:39.484682+00:00 | Debian Oval Importer | Fixing | VCID-rbr4-a3uc-aaap | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-08T07:58:35.202241+00:00 | Debian Oval Importer | Fixing | VCID-9ru8-kjym-aaae | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-07T21:15:57.067292+00:00 | Debian Oval Importer | Fixing | VCID-5ux6-q5sa-aaap | None | 36.0.0 |
| 2025-04-07T21:04:17.063989+00:00 | Debian Oval Importer | Fixing | VCID-7zsc-utjq-aaaf | None | 36.0.0 |
| 2025-04-07T20:42:20.970847+00:00 | Debian Oval Importer | Fixing | VCID-e1b5-mfrx-aaae | None | 36.0.0 |
| 2025-04-07T19:16:49.795243+00:00 | Debian Oval Importer | Fixing | VCID-jbsd-7ptm-aaae | None | 36.0.0 |
| 2025-04-05T19:15:21.616087+00:00 | Debian Importer | Fixing | VCID-wwy6-zvb1-aaab | https://security-tracker.debian.org/tracker/data/json | 36.0.0 |
| 2025-04-05T16:44:53.680356+00:00 | Debian Importer | Fixing | VCID-q9p1-841v-aaap | https://security-tracker.debian.org/tracker/data/json | 36.0.0 |
| 2025-04-04T06:23:34.327084+00:00 | Debian Importer | Fixing | VCID-9ru8-kjym-aaae | None | 36.0.0 |
| 2025-02-22T05:31:48.517784+00:00 | Debian Importer | Fixing | VCID-wwy6-zvb1-aaab | https://security-tracker.debian.org/tracker/data/json | 35.1.0 |
| 2025-02-21T17:28:21.482925+00:00 | Debian Importer | Fixing | VCID-q9p1-841v-aaap | https://security-tracker.debian.org/tracker/data/json | 35.1.0 |
| 2025-02-21T15:08:42.214393+00:00 | Debian Importer | Fixing | VCID-9ru8-kjym-aaae | None | 35.1.0 |
| 2024-12-15T18:57:17.079836+00:00 | Debian Importer | Fixing | VCID-wwy6-zvb1-aaab | https://security-tracker.debian.org/tracker/data/json | 35.0.0 |
| 2024-11-24T06:08:20.212146+00:00 | Debian Importer | Fixing | VCID-q9p1-841v-aaap | https://security-tracker.debian.org/tracker/data/json | 35.0.0 |
| 2024-10-11T02:58:37.788067+00:00 | Debian Importer | Fixing | VCID-q9p1-841v-aaap | https://security-tracker.debian.org/tracker/data/json | 34.0.2 |
| 2024-09-25T22:15:17.971378+00:00 | Debian Importer | Fixing | VCID-wwy6-zvb1-aaab | https://security-tracker.debian.org/tracker/data/json | 34.0.1 |
| 2024-09-20T07:12:56.828822+00:00 | Debian Importer | Fixing | VCID-q9p1-841v-aaap | https://security-tracker.debian.org/tracker/data/json | 34.0.1 |