<p>Upgrade <code>Ubuntu:16.04</code> <code>libvpx</code> to version 1.5.0-2ubuntu1.1+esm2 or higher.</p>

Out-of-bounds Write Affecting libvpx package, versions <1.5.0-2ubuntu1.1+esm2

Snyk CVSS

Attack Complexity Low

User Interaction Required

Confidentiality High

Integrity High

Availability High

Threat Intelligence

Exploit Maturity Mature

EPSS 29.61% (97^th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk ID SNYK-UBUNTU1604-LIBVPX-5926131
published 29 Sep 2023
disclosed 28 Sep 2023

Report a new vulnerability Found a mistake?

Introduced: 28 Sep 2023

CVE-2023-5217 Open this link in a new tab CWE-787 Open this link in a new tab

How to fix?

Upgrade Ubuntu:16.04 libvpx to version 1.5.0-2ubuntu1.1+esm2 or higher.

NVD Description

Note: Versions mentioned in the description apply only to the upstream libvpx package and not the libvpx package as distributed by Ubuntu. See How to fix? for Ubuntu:16.04 relevant fixed versions and status.

Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)