Fedora 37: 2023-f696934fbf Critical: libvpx Heap Overflow and Crash
fedora
October 23, 2023
Security fixes for CVE-2023-5217 and CVE-2023-44488
Summary
libvpx provides the VP8/VP9 SDK, which allows you to integrate your applications
with the VP8 and VP9 video codecs, high quality, royalty free, open source codecs
deployed on millions of computers and devices worldwide.
Update Information:
Security fixes for CVE-2023-5217 and CVE-2023-44488
Topics Covered
Change Log
* Wed Oct 4 2023 Boudhayan Bhattacharya
References
[ 1 ] Bug #2241260 - CVE-2023-5217 libvpx: Heap buffer overflow in vp8 encoding in libvpx [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2241260
[ 2 ] Bug #2241812 - CVE-2023-44488 libvpx: TRIAGE-CVE-2023-44488 libvpx: crash related to VP9 encoding [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2241812
Update Instructions
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2023-f696934fbf' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Name: libvpx
Product: Fedora 37
Version: 1.12.0
Release: 4.fc37
Summary: VP8/VP9 Video Codec SDK
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!