GHSA-qqvq-6xgj-jw8g

Source
https://github.com/advisories/GHSA-qqvq-6xgj-jw8g
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/09/GHSA-qqvq-6xgj-jw8g/GHSA-qqvq-6xgj-jw8g.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-qqvq-6xgj-jw8g
Aliases
Published
2023-09-28T18:30:45Z
Modified
2024-02-15T15:02:25Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
Electron affected by libvpx's heap buffer overflow in vp8 encoding
Details

Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Database specific
{
    "nvd_published_at": "2023-09-28T16:15:10Z",
    "cwe_ids": [
        "CWE-787"
    ],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2023-10-05T17:31:47Z"
}
References

Affected packages

npm / electron

Package

Affected ranges

Type
SEMVER
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
22.3.25

npm / electron

Package

Affected ranges

Type
SEMVER
Events
Introduced
24.0.0
Fixed
24.8.5

npm / electron

Package

Affected ranges

Type
SEMVER
Events
Introduced
25.0.0
Fixed
25.8.4

npm / electron

Package

Affected ranges

Type
SEMVER
Events
Introduced
26.0.0
Fixed
26.2.4

npm / electron

Package

Affected ranges

Type
SEMVER
Events
Introduced
27.0.0-alpha.1
Fixed
27.0.0-beta.8