List: oss-security
Subject: [oss-security] Re: CVE-2023-5217: Heap buffer overflow in vp8 encoding in libvpx
From: Alan Coopersmith <alan.coopersmith () oracle ! com>
Date: 2023-09-30 20:38:27
Message-ID: 6284ffe9-d228-46f0-be8c-c7f78a030523 () oracle ! com

On 9/28/23 11:37, Alan Coopersmith wrote:
> It does not appear that libvpx 1.13.1 has been released yet,

It was released yesterday, with the note:
"This release contains two security related fixes. One each for VP8 and VP9."
https://github.com/webmproject/libvpx/releases/tag/v1.13.1

CVE-2023-44488 has been assigned to the VP9 bug:
"VP9 in libvpx before 1.13.1 mishandles widths, leading to a crash related
to encoding."
https://www.cve.org/CVERecord?id=CVE-2023-44488

It points to this commit for the fix:
https://github.com/webmproject/libvpx/commit/263682c9a29395055f3b3afe2d97be1828a6223f

--
-Alan Coopersmith- alan.coopersmith@oracle.com
Oracle Solaris Engineering - https://blogs.oracle.com/solaris