Fluid Attacks Database

Description

WebM libvpx (aka the VP8 Codec SDK) before 0.9.5, as used in Google Chrome before 7.0.517.44, allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via invalid frames.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 14	libvpx	>=0 <0.9.1-2	0.9.1-2
debian 12	libvpx	>=0 <0.9.1-2	0.9.1-2
debian 11	libvpx	>=0 <0.9.1-2	0.9.1-2
debian 13	libvpx	>=0 <0.9.1-2	0.9.1-2
rpm rhel6	libvpx	<0:0.9.0-8.el6_0	0:0.9.0-8.el6_0

Aliases

1. CVE-2010-42032. NVD-2010-42033. OSV-DEBIAN-2010-42034. OSV-2010-42035. SECURITY-TRACKER-CVE-2010-4203

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.