oss-sec mailing list archives
Re: CVE-2023-5217: Heap buffer overflow in vp8 encoding in libvpx
From: Alan Coopersmith <alan.coopersmith () oracle com>
Date: Sat, 30 Sep 2023 13:38:27 -0700
On 9/28/23 11:37, Alan Coopersmith wrote:
It does not appear that libvpx 1.13.1 has been released yet,
It was released yesterday, with the note: "This release contains two security related fixes. One each for VP8 and VP9." https://github.com/webmproject/libvpx/releases/tag/v1.13.1 CVE-2023-44488 has been assigned to the VP9 bug: "VP9 in libvpx before 1.13.1 mishandles widths, leading to a crash related to encoding." https://www.cve.org/CVERecord?id=CVE-2023-44488 It points to this commit for the fix: https://github.com/webmproject/libvpx/commit/263682c9a29395055f3b3afe2d97be1828a6223f -- -Alan Coopersmith- alan.coopersmith () oracle com Oracle Solaris Engineering - https://blogs.oracle.com/solaris
Attachment:
OpenPGP_0xA2FB9E081F2D130E.asc
Description: OpenPGP public key
Attachment:
OpenPGP_signature.asc
Description: OpenPGP digital signature
Current thread:
- Re: Re: CVE-2023-5217: Heap buffer overflow in vp8 encoding in libvpx, (continued)
- Re: Re: CVE-2023-5217: Heap buffer overflow in vp8 encoding in libvpx Demi Marie Obenour (Sep 29)
- Re: CVE-2023-5217: Heap buffer overflow in vp8 encoding in libvpx Michael Orlitzky (Sep 29)
- Re: CVE-2023-5217: Heap buffer overflow in vp8 encoding in libvpx Travis Finkenauer (Sep 29)
- Re: CVE-2023-5217: Heap buffer overflow in vp8 encoding in libvpx Michael Orlitzky (Sep 29)
- Rust programs in distrbutions (Was: CVE-2023-5217: Heap buffer overflow in vp8 encoding in libvpx) Dominique Martinet (Sep 30)
- Re: Rust programs in distrbutions (Was: CVE-2023-5217: Heap buffer overflow in vp8 encoding in libvpx) Demi Marie Obenour (Sep 30)
- Re: Rust programs in distrbutions (Was: CVE-2023-5217: Heap buffer overflow in vp8 encoding in libvpx) Michael Orlitzky (Sep 30)
- Re: Rust programs in distrbutions (Was: CVE-2023-5217: Heap buffer overflow in vp8 encoding in libvpx) Steffen Nurpmeso (Sep 30)