Vulnerability details: VCID-rbr4-a3uc-aaap
Vulnerability ID VCID-rbr4-a3uc-aaap
Aliases CVE-2023-44488
Summary VP9 in libvpx before 1.13.1 mishandles widths, leading to a crash related to encoding.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
System Score Found at
cvssv3 7.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-44488.json
epss 0.00163 https://api.first.org/data/v1/epss?cve=CVE-2023-44488
epss 0.00170 https://api.first.org/data/v1/epss?cve=CVE-2023-44488
epss 0.00225 https://api.first.org/data/v1/epss?cve=CVE-2023-44488
epss 0.00292 https://api.first.org/data/v1/epss?cve=CVE-2023-44488
epss 0.00689 https://api.first.org/data/v1/epss?cve=CVE-2023-44488
epss 0.00697 https://api.first.org/data/v1/epss?cve=CVE-2023-44488
epss 0.00709 https://api.first.org/data/v1/epss?cve=CVE-2023-44488
epss 0.0309 https://api.first.org/data/v1/epss?cve=CVE-2023-44488
epss 0.06114 https://api.first.org/data/v1/epss?cve=CVE-2023-44488
cvssv3.1 7.5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 8.8 https://github.com/webmproject/libvpx/releases/tag/v1.13.1
generic_textual HIGH https://github.com/webmproject/libvpx/releases/tag/v1.13.1
cvssv3.1 8.8 https://lists.debian.org/debian-lts-announce/2023/10/msg00001.html
generic_textual HIGH https://lists.debian.org/debian-lts-announce/2023/10/msg00001.html
cvssv3 7.5 https://nvd.nist.gov/vuln/detail/CVE-2023-44488
cvssv3.1 7.5 https://nvd.nist.gov/vuln/detail/CVE-2023-44488
cvssv3.1 8.8 http://www.openwall.com/lists/oss-security/2023/09/30/4
generic_textual HIGH http://www.openwall.com/lists/oss-security/2023/09/30/4
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-44488.json
https://api.first.org/data/v1/epss?cve=CVE-2023-44488
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44488
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://github.com/webmproject/libvpx/commit/263682c9a29395055f3b3afe2d97be1828a6223f
https://github.com/webmproject/libvpx/commit/df9fd9d5b7325060b2b921558a1eb20ca7880937
https://github.com/webmproject/libvpx/compare/v1.13.0...v1.13.1
https://github.com/webmproject/libvpx/releases/tag/v1.13.1
https://lists.debian.org/debian-lts-announce/2023/10/msg00001.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TE7F54W5O5RS4ZMAAC7YK3CZWQXIDSKB/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TE7F54W5O5RS4ZMAAC7YK3CZWQXIDSKB/
https://www.debian.org/security/2023/dsa-5518
http://www.openwall.com/lists/oss-security/2023/09/30/4
2241806 https://bugzilla.redhat.com/show_bug.cgi?id=2241806
cpe:2.3:a:webmproject:libvpx:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:webmproject:libvpx:*:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
CVE-2023-44488 https://nvd.nist.gov/vuln/detail/CVE-2023-44488
GLSA-202310-04 https://security.gentoo.org/glsa/202310-04
RHSA-2023:5534 https://access.redhat.com/errata/RHSA-2023:5534
RHSA-2023:5535 https://access.redhat.com/errata/RHSA-2023:5535
RHSA-2023:5536 https://access.redhat.com/errata/RHSA-2023:5536
RHSA-2023:5537 https://access.redhat.com/errata/RHSA-2023:5537
RHSA-2023:5538 https://access.redhat.com/errata/RHSA-2023:5538
RHSA-2023:5539 https://access.redhat.com/errata/RHSA-2023:5539
RHSA-2023:5540 https://access.redhat.com/errata/RHSA-2023:5540
RHSA-2023:6162 https://access.redhat.com/errata/RHSA-2023:6162
RHSA-2023:6185 https://access.redhat.com/errata/RHSA-2023:6185
RHSA-2023:6186 https://access.redhat.com/errata/RHSA-2023:6186
RHSA-2023:6187 https://access.redhat.com/errata/RHSA-2023:6187
RHSA-2023:6188 https://access.redhat.com/errata/RHSA-2023:6188
RHSA-2023:6189 https://access.redhat.com/errata/RHSA-2023:6189
RHSA-2023:6190 https://access.redhat.com/errata/RHSA-2023:6190
RHSA-2023:6191 https://access.redhat.com/errata/RHSA-2023:6191
RHSA-2023:6192 https://access.redhat.com/errata/RHSA-2023:6192
RHSA-2023:6194 https://access.redhat.com/errata/RHSA-2023:6194
RHSA-2023:6195 https://access.redhat.com/errata/RHSA-2023:6195
RHSA-2023:6196 https://access.redhat.com/errata/RHSA-2023:6196
RHSA-2023:6197 https://access.redhat.com/errata/RHSA-2023:6197
RHSA-2023:6198 https://access.redhat.com/errata/RHSA-2023:6198
RHSA-2023:6199 https://access.redhat.com/errata/RHSA-2023:6199
USN-6403-1 https://usn.ubuntu.com/6403-1/
USN-6403-2 https://usn.ubuntu.com/6403-2/
USN-6403-3 https://usn.ubuntu.com/6403-3/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-44488.json
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://github.com/webmproject/libvpx/releases/tag/v1.13.1
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://lists.debian.org/debian-lts-announce/2023/10/msg00001.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-44488
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at http://www.openwall.com/lists/oss-security/2023/09/30/4
Exploit Prediction Scoring System (EPSS)
Percentile 0.53966
EPSS Score 0.00163
Published At Nov. 18, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.