Webmproject Libvpx vulnerabilities
27 known vulnerabilities affecting webmproject/libvpx.
Total CVEs
27
CISA KEV
1
actively exploited
Public exploits
0
Exploited in wild
1
Severity breakdown
CRITICAL4HIGH10MEDIUM13
Vulnerabilities
Page 2 of 2
CVE-2015-4485CRITICALCVSS 10.0≥ 0, < 1.4.0-12015-08-16
CVE-2015-4485 [CRITICAL] CVE-2015-4485: Heap-based buffer overflow in the resize_context_buffers function in libvpx in Mozilla Firefox before 40
Heap-based buffer overflow in the resize_context_buffers function in libvpx in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to execute arbitrary code via malformed WebM video data.
osv
CVE-2015-4486CRITICALCVSS 10.0≥ 0, < 1.4.0-12015-08-16
CVE-2015-4486 [CRITICAL] CVE-2015-4486: The decrease_ref_count function in libvpx in Mozilla Firefox before 40
The decrease_ref_count function in libvpx in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via malformed WebM video data.
osv
CVE-2015-1258HIGHCVSS 7.5≥ 0, < 1.4.0-42015-05-20
CVE-2015-1258 [HIGH] CVE-2015-1258: Google Chrome before 43
Google Chrome before 43.0.2357.65 relies on libvpx code that was not built with an appropriate --size-limit value, which allows remote attackers to trigger a negative value for a size field, and consequently cause a denial of service or possibly have unspecified other impact, via a crafted frame size in VP9 video data.
osv
CVE-2014-1578HIGHCVSS 7.5≥ 0, < 1.3.0-32014-10-15
CVE-2014-1578 [HIGH] CVE-2014-1578: The get_tile function in Mozilla Firefox before 33
The get_tile function in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly execute arbitrary code via WebM frames with invalid tile sizes that are improperly handled in buffering operations during video playback.
osv
CVE-2012-0823MEDIUMCVSS 5.0≤ 0.9.7v0.9.0+5 more2012-02-23
CVE-2012-0823 [MEDIUM] CWE-20 CVE-2012-0823: VP8 Codec SDK (libvpx) before 1.0.0 "Duclair" allows remote attackers to cause a denial of service (
VP8 Codec SDK (libvpx) before 1.0.0 "Duclair" allows remote attackers to cause a denial of service (application crash) via (1) unspecified "corrupt input" or (2) by "starting decoding from a P-frame," which triggers an out-of-bounds read, related to "the clamping of motion vectors in SPLITMV blocks".
nvdosv
CVE-2010-4489MEDIUMCVSS 4.3≥ 0, < 0.9.5-12010-12-07
CVE-2010-4489 [MEDIUM] CVE-2010-4489: libvpx, as used in Google Chrome before 8
libvpx, as used in Google Chrome before 8.0.552.215 and possibly other products, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WebM video. NOTE: this vulnerability exists because of a regression.
osv
CVE-2010-4203CRITICALCVSS 9.8fixed in 0.9.52010-11-06
CVE-2010-4203 [CRITICAL] CWE-190 CVE-2010-4203: WebM libvpx (aka the VP8 Codec SDK) before 0.9.5, as used in Google Chrome before 7.0.517.44, allows
WebM libvpx (aka the VP8 Codec SDK) before 0.9.5, as used in Google Chrome before 7.0.517.44, allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via invalid frames.
nvdosv
← Previous2 / 2