JLSEC-2026-376

See a problem?
Please try reporting it to the source first.

Source

https://github.com/JuliaLang/SecurityAdvisories.jl/blob/main/advisories/published/2026/JLSEC-2026-376.md

Import Source

https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2026/JLSEC-2026-376.json

JSON Data

https://api.osv.dev/v1/vulns/JLSEC-2026-376

Upstream

CVE-2023-6349

Published

2026-05-01T13:54:10.329Z

Modified

2026-05-01T14:00:22.901025Z

Summary

[none]

Details

A heap overflow vulnerability exists in libvpx - Encoding a frame that has larger dimensions than the originally configured size with VP9 may result in a heap overflow in libvpx. We recommend upgrading to version 1.13.1 or above

Database specific

{
    "sources": [
        {
            "url": "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2023-6349",
            "database_specific": {
                "status": "Analyzed"
            },
            "html_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6349",
            "modified": "2025-07-22T20:08:40.183Z",
            "id": "CVE-2023-6349",
            "imported": "2026-05-01T13:33:19.891Z",
            "published": "2024-05-27T12:15:08.810Z"
        }
    ],
    "license": "CC-BY-4.0"
}

References

Affected packages

Julia / LibVPX_jll

Package

Name: LibVPX_jll
Purl: pkg:julia/LibVPX_jll?uuid=dd192d2f-8180-539f-9fb4-cc70b1dcf69a

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.15.2+0

Database specific

source

"https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2026/JLSEC-2026-376.json"