CVE-2023-6349 — Heap-based Buffer Overflow in Libvpx

CWE-122 — Heap-based Buffer Overflow CWE-787 — Out-of-bounds Write5 documents5 sources

Severity

5.7MEDIUMNVD

EPSS

0.1%

top 76.76%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Chromium Libvpx Webmproject Libvpx

Timeline

PublishedMay 27

Description

A heap overflow vulnerability exists in libvpx - Encoding a frame that has larger dimensions than the originally configured size with VP9 may result in a heap overflow in libvpx. We recommend upgrading to version 1.13.1 or above

CVSS vector

CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:P/VC:L/VI:H/VA:N/SC:L/SI:H/SA:N/S:N

Affected Packages3 packages

▶CVEListV5chromium/libvpx1.5.0 — 1.13.1

▶NVDwebmproject/libvpx< 1.13.1

▶Debianwebmproject/libvpx< 1.9.0-1+deb11u2+3

🔴Vulnerability Details

OSV

CVE-2023-6349: A heap overflow vulnerability exists in libvpx - Encoding a frame that has larger dimensions than the originally configured size with VP9 may result i↗2024-05-27

▶

CVEList

Heap overflow in libvpx↗2024-05-27

▶

📋Vendor Advisories

Red Hat

libvpx: Heap buffer overflow related to VP9 encoding↗2024-05-27

▶

Debian

CVE-2023-6349: libvpx - A heap overflow vulnerability exists in libvpx - Encoding a frame that has large...↗2023

▶