Fluid Attacks Database

Description

VP9 in libvpx before 1.13.1 mishandles widths, leading to a crash related to encoding.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 13	libvpx	>=0 <1.12.0-1.2	1.12.0-1.2
debian 11	libvpx	=1.9.0-1 \|\| =1.9.0-1+deb11u1 \|\| >=0 <1.9.0-1+deb11u2	1.9.0-1+deb11u2
debian 12	libvpx	=1.12.0-1 \|\| =1.12.0-1+deb12u1 \|\| >=0 <1.12.0-1+deb12u2	1.12.0-1+deb12u2
debian 14	libvpx	>=0 <1.12.0-1.2	1.12.0-1.2
rpm rhel7	thunderbird	-	-
rpm rhel9.0	libvpx	<0:1.9.0-7.el9_0	0:1.9.0-7.el9_0
rpm rhel7	firefox	<0:115.4.0-1.el7_9	0:115.4.0-1.el7_9
rpm rhel8	firefox	<0:115.4.0-1.el8_8	0:115.4.0-1.el8_8
rpm rhel8.6	firefox	<0:115.4.0-1.el8_6	0:115.4.0-1.el8_6
rpm rhel9	firefox	<0:115.4.0-1.el9_2	0:115.4.0-1.el9_2

1-10 of 18

Aliases

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.