Search CVE reports
11 – 17 of 17 results
CVE-2018-19212
Low priorityIn libwebm through 2018-10-03, there is an abort caused by libwebm::Webm2Pes::InitWebmParser() that will lead to a DoS attack.
5 affected packages
android, chromium-browser, libvpx, oxide-qt, sludge
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| android | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
| chromium-browser | Not affected | Not affected | Not affected | Not affected | Not affected |
| libvpx | Not affected | Not affected | Not affected | Not affected | Not affected |
| oxide-qt | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
| sludge | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2017-13194
Low prioritySome fixes available 2 of 4
A vulnerability in the Android media framework (libvpx) related to odd frame width. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-64710201.
1 affected package
libvpx
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| libvpx | — | — | Not affected | Not affected | Fixed |
CVE-2016-1972
Medium priorityRace condition in libvpx in Mozilla Firefox before 45.0 on Windows might allow remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via unknown vectors.
3 affected packages
firefox, libvpx, thunderbird
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| firefox | — | — | — | — | — |
| libvpx | — | — | — | — | — |
| thunderbird | — | — | — | — | — |
CVE-2015-1258
Low prioritySome fixes available 8 of 9
Google Chrome before 43.0.2357.65 relies on libvpx code that was not built with an appropriate --size-limit value, which allows remote attackers to trigger a negative value for a size field, and consequently cause a denial of...
3 affected packages
chromium-browser, libvpx, oxide-qt
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| chromium-browser | — | — | — | — | — |
| libvpx | — | — | — | — | — |
| oxide-qt | — | — | — | — | — |
CVE-2012-0823
Low priorityVP8 Codec SDK (libvpx) before 1.0.0 "Duclair" allows remote attackers to cause a denial of service (application crash) via (1) unspecified "corrupt input" or (2) by "starting decoding from a P-frame," which triggers...
1 affected package
libvpx
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| libvpx | — | — | — | — | — |
CVE-2010-4489
Medium prioritySome fixes available 2 of 4
libvpx, as used in Google Chrome before 8.0.552.215 and possibly other products, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WebM video. NOTE: this vulnerability exists because of a regression.
2 affected packages
chromium-browser, libvpx
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| chromium-browser | — | — | — | — | — |
| libvpx | — | — | — | — | — |
CVE-2010-4203
Medium priorityWebM libvpx (aka the VP8 Codec SDK) before 0.9.5, as used in Google Chrome before 7.0.517.44, allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via invalid frames.
2 affected packages
chromium-browser, libvpx
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| chromium-browser | — | — | — | — | — |
| libvpx | — | — | — | — | — |