
Ubuntu 18.04 LTS: USN-7249-1 critical: libvpx application crash

February 4, 2025
Take immediate action to resolve the libvpx vulnerability impacting various Ubuntu LTS releases and enhance system safety.

Summary

libvpx could be made to crash or run programs as your login if it
opened a specially crafted image file.

Software Description:

- libvpx: VP8 and VP9 video codec

Details:

Xiantong Hou discovered that libvpx would overflow when attempting to
allocate memory for very large images. If an application using libvpx
opened a specially crafted file, a remote attacker could possibly use
this issue to cause the application to crash, resulting in a denial
of service, or the execution of arbitrary code.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS
   libvpx5                         1.7.0-3ubuntu0.18.04.1+esm2
                                   Available with Ubuntu Pro
   vpx-tools                       1.7.0-3ubuntu0.18.04.1+esm2
                                   Available with Ubuntu Pro

Ubuntu 16.04 LTS
   libvpx3                         1.5.0-2ubuntu1.1+esm3
                                   Available with Ubuntu Pro
   vpx-tools                       1.5.0-2ubuntu1.1+esm3
                                   Available with Ubuntu Pro

Ubuntu 14.04 LTS
   libvpx1                         1.3.0-2ubuntu0.1+esm3
                                   Available with Ubuntu Pro
   vpx-tools                       1.3.0-2ubuntu0.1+esm3
                                   Available with Ubuntu Pro

In general, a standard system update will make all the
necessary changes.

References

  https://ubuntu.com/security/notices/USN-7249-1

  CVE-2024-5197

Severity
critical

Ubuntu Security Notice USN-7249-1

Package Information
