CVE-2023-44488 - Improper Handling of Exceptional Conditions

Severity

75%

Complexity

39%

Confidentiality

60%

VP9 in libvpx before 1.13.1 mishandles widths, leading to a crash related to encoding.

CVSS 3.1 Base Score 7.5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

Overview

First reported 1 year ago

2023-09-30 20:15:00

Last updated 1 year ago

2023-11-16 01:37:00

Affected Software

Red Hat Enterprise Linux 8.0

8.0

References

https://github.com/webmproject/libvpx/compare/v1.13.0...v1.13.1

https://github.com/webmproject/libvpx/commit/df9fd9d5b7325060b2b921558a1eb20ca7880937

https://github.com/webmproject/libvpx/commit/263682c9a29395055f3b3afe2d97be1828a6223f

https://github.com/webmproject/libvpx/releases/tag/v1.13.1

[oss-security] 20230930 Re: CVE-2023-5217: Heap buffer overflow in vp8 encoding in libvpx

[debian-lts-announce] 20231001 [SECURITY] [DLA 3598-1] libvpx security update

https://bugzilla.redhat.com/show_bug.cgi?id=2241806

https://github.com/webmproject/libvpx/compare/v1.13.0...v1.13.1

Patch

https://github.com/webmproject/libvpx/commit/df9fd9d5b7325060b2b921558a1eb20ca7880937

Patch

https://github.com/webmproject/libvpx/commit/263682c9a29395055f3b3afe2d97be1828a6223f

Patch

https://github.com/webmproject/libvpx/releases/tag/v1.13.1

Release Notes

[oss-security] 20230930 Re: CVE-2023-5217: Heap buffer overflow in vp8 encoding in libvpx

Mailing List, Third Party Advisory

[debian-lts-announce] 20231001 [SECURITY] [DLA 3598-1] libvpx security update

Mailing List

https://bugzilla.redhat.com/show_bug.cgi?id=2241806

Issue Tracking, Patch

GLSA-202310-04

DSA-5518

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.

CVE-2023-44488 - Improper Handling of Exceptional Conditions

Severity

What is severity?

Complexity

What is complexity?

Confidentiality

What is confidentiality?

Overview

First reported 1 year ago

Last updated 1 year ago

Affected Software

Red Hat Enterprise Linux 8.0

References

https://github.com/webmproject/libvpx/compare/v1.13.0...v1.13.1

https://github.com/webmproject/libvpx/commit/df9fd9d5b7325060b2b921558a1eb20ca7880937

https://github.com/webmproject/libvpx/commit/263682c9a29395055f3b3afe2d97be1828a6223f

https://github.com/webmproject/libvpx/releases/tag/v1.13.1

[oss-security] 20230930 Re: CVE-2023-5217: Heap buffer overflow in vp8 encoding in libvpx

[debian-lts-announce] 20231001 [SECURITY] [DLA 3598-1] libvpx security update

https://bugzilla.redhat.com/show_bug.cgi?id=2241806

https://github.com/webmproject/libvpx/compare/v1.13.0...v1.13.1

https://github.com/webmproject/libvpx/commit/df9fd9d5b7325060b2b921558a1eb20ca7880937

https://github.com/webmproject/libvpx/commit/263682c9a29395055f3b3afe2d97be1828a6223f

https://github.com/webmproject/libvpx/releases/tag/v1.13.1

[oss-security] 20230930 Re: CVE-2023-5217: Heap buffer overflow in vp8 encoding in libvpx

[debian-lts-announce] 20231001 [SECURITY] [DLA 3598-1] libvpx security update

https://bugzilla.redhat.com/show_bug.cgi?id=2241806

GLSA-202310-04

DSA-5518

https://bugzilla.redhat.com/show_bug.cgi?id=2241806

GLSA-202310-04

DSA-5518

FEDORA-2023-f696934fbf

FEDORA-2023-f696934fbf

FEDORA-2023-f696934fbf

Stay updated

Get in touch