Fluid Attacks Database

Description

A heap overflow vulnerability exists in libvpx - Encoding a frame that has larger dimensions than the originally configured size with VP9 may result in a heap overflow in libvpx. We recommend upgrading to version 1.13.1 or above

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 11	libvpx	=1.9.0-1 \|\| =1.9.0-1+deb11u1 \|\| >=0 <1.9.0-1+deb11u2	1.9.0-1+deb11u2
debian 12	libvpx	=1.12.0-1 \|\| =1.12.0-1+deb12u1 \|\| >=0 <1.12.0-1+deb12u2	1.12.0-1+deb12u2
debian 13	libvpx	>=0 <1.13.1-2	1.13.1-2
debian 14	libvpx	>=0 <1.13.1-2	1.13.1-2
rpm rhel7	firefox	-	-
rpm rhel6	libvpx	-	-
rpm rhel7	libvpx	-	-
rpm rhel8	libvpx	<0:1.7.0-11.el8_10	0:1.7.0-11.el8_10
rpm rhel9	libvpx	-	-
rpm rhel7	thunderbird	-	-

Aliases

1. CVE-2023-63492. NVD-2023-63493. OSV-DEBIAN-2023-63494. OSV-2023-63495. SECURITY-TRACKER-CVE-2023-6349

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.