Search for vulnerabilities
Vulnerability details: VCID-p4cc-9c4p-qka4
Vulnerability ID VCID-p4cc-9c4p-qka4
Aliases CVE-2023-6349
Summary A heap overflow vulnerability exists in libvpx - Encoding a frame that has larger dimensions than the originally configured size with VP9 may result in a heap overflow in libvpx. We recommend upgrading to version 1.13.1 or above
Status Published
Exploitability 0.5
Weighted Severity 6.8
Risk 3.4
Affected and Fixed Packages Package Details
Weaknesses (2)
CWE-122 Heap-based Buffer Overflow
CWE-787 Out-of-bounds Write
System Score Found at
cvssv3 6.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6349.json
epss 0.00078 https://api.first.org/data/v1/epss?cve=CVE-2023-6349
epss 0.00078 https://api.first.org/data/v1/epss?cve=CVE-2023-6349
epss 0.00078 https://api.first.org/data/v1/epss?cve=CVE-2023-6349
epss 0.00078 https://api.first.org/data/v1/epss?cve=CVE-2023-6349
epss 0.00078 https://api.first.org/data/v1/epss?cve=CVE-2023-6349
epss 0.00078 https://api.first.org/data/v1/epss?cve=CVE-2023-6349
epss 0.00078 https://api.first.org/data/v1/epss?cve=CVE-2023-6349
epss 0.00078 https://api.first.org/data/v1/epss?cve=CVE-2023-6349
epss 0.00078 https://api.first.org/data/v1/epss?cve=CVE-2023-6349
epss 0.00078 https://api.first.org/data/v1/epss?cve=CVE-2023-6349
epss 0.00078 https://api.first.org/data/v1/epss?cve=CVE-2023-6349
epss 0.00078 https://api.first.org/data/v1/epss?cve=CVE-2023-6349
epss 0.00078 https://api.first.org/data/v1/epss?cve=CVE-2023-6349
epss 0.00078 https://api.first.org/data/v1/epss?cve=CVE-2023-6349
epss 0.00078 https://api.first.org/data/v1/epss?cve=CVE-2023-6349
epss 0.00078 https://api.first.org/data/v1/epss?cve=CVE-2023-6349
epss 0.00078 https://api.first.org/data/v1/epss?cve=CVE-2023-6349
epss 0.0008 https://api.first.org/data/v1/epss?cve=CVE-2023-6349
epss 0.0008 https://api.first.org/data/v1/epss?cve=CVE-2023-6349
cvssv4 5.7 https://crbug.com/webm/1642
ssvc Track https://crbug.com/webm/1642
cvssv3.1 8.8 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 7.5 https://nvd.nist.gov/vuln/detail/CVE-2023-6349
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6349.json
https://api.first.org/data/v1/epss?cve=CVE-2023-6349
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6349
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
1642 https://crbug.com/webm/1642
2283553 https://bugzilla.redhat.com/show_bug.cgi?id=2283553
cpe:2.3:a:webmproject:libvpx:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:webmproject:libvpx:*:*:*:*:*:*:*:*
CVE-2023-6349 https://nvd.nist.gov/vuln/detail/CVE-2023-6349
RHSA-2024:5941 https://access.redhat.com/errata/RHSA-2024:5941
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6349.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:P/VC:L/VI:H/VA:N/SC:L/SI:H/SA:N/S:N/AU:N/R:A/V:D Found at https://crbug.com/webm/1642
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-28T15:01:21Z/ Found at https://crbug.com/webm/1642
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-6349
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.24029
EPSS Score 0.00078
Published At July 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T09:39:24.954203+00:00 Vulnrichment Import https://github.com/cisagov/vulnrichment/blob/develop/2023/6xxx/CVE-2023-6349.json 37.0.0