SUSE Package Hub - SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2024-2409

Update Info

SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2024-2409

Security update for libvpx

Type: security

Severity: important

Issued: 2024-07-11

Description:

This update for libvpx fixes the following issues:

- CVE-2024-5197: Fixed interger overflow when calling vpx_img_alloc() or vpx_img_wrap() with large parameters (bsc#1225879).
- CVE-2023-6349: Fixed heap overflow when encoding a frame that has larger dimensions than the originally configured size (bsc#1225403).
- CVE-2023-44488: Fixed heap buffer overflow in vp8 encoding (bsc#1216879).

References

CVE: CVE-2024-5197
CVE: CVE-2023-6349
CVE: CVE-2023-44488
Bugzilla: 1225879 VUL-0: CVE-2024-5197: libvpx: interger overflow when calling vpx_img_alloc() or vpx_img_wrap() with large parameters
Bugzilla: 1225403 VUL-0: CVE-2023-6349: libvpx: heap overflow when encoding a frame that has larger dimensions than the originally configured size
Bugzilla: 1216879 VUL-0: CVE-2023-44488: MozillaFirefox,MozillaThunderbird,libvpx: Re: Heap buffer overflow in vp8 encoding in libvpx

Packages

libvpx-1.11.0-150400.3.7.1