Filtered by vendor Webmproject
Subscriptions
Total
23 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-44488 | 4 Debian, Fedoraproject, Redhat and 1 more | 8 Debian Linux, Fedora, Enterprise Linux and 5 more | 2024-08-02 | 7.5 High |
VP9 in libvpx before 1.13.1 mishandles widths, leading to a crash related to encoding. | ||||
CVE-2023-5217 | 8 Apple, Debian, Fedoraproject and 5 more | 17 Ipad Os, Iphone Os, Debian Linux and 14 more | 2024-08-02 | 8.8 High |
Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
CVE-2023-1999 | 2 Redhat, Webmproject | 6 Enterprise Linux, Rhel Aus, Rhel E4s and 3 more | 2024-08-02 | 5.3 Medium |
There exists a use after free/double free in libwebp. An attacker can use the ApplyFiltersAndEncode() function and loop through to free best.bw and assign best = trial pointer. The second loop will then return 0 because of an Out of memory error in VP8 encoder, the pointer is still assigned to trial and the AddressSanitizer will attempt a double free. |