Heap Overflow Vulnerability in libvpx
CVE-2023-6349

7.5HIGH

Key Information:

Vendor: Chromium
Status: Libvpx
Vendor: CVE Published:; 27 May 2024

What is CVE-2023-6349?

A heap overflow vulnerability has been identified in libvpx, which can occur when encoding a frame larger than the originally configured dimensions for VP9. This security flaw may lead to potential memory corruption, making it exploitable by attackers. Users are advised to upgrade to version 1.13.1 or later to mitigate any risks associated with this vulnerability.

Affected Version(s)

libvpx 1.5.0 < 1.13.1

References

https://crbug.com/webm/1642

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 27, 2024
Vulnerability Reserved
Nov 28, 2023

Chromium

What is CVE-2023-6349?

Affected Version(s)

References

CVSS V3.1

Timeline