OESA-2026-1451

See a problem?
Please try reporting it to the source first.
Source
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2026-1451
Import Source
https://repo.openeuler.org/security/data/osv/OESA-2026-1451.json
JSON Data
https://api.osv.dev/v1/vulns/OESA-2026-1451
Upstream
Published
2026-02-28T12:44:38Z
Modified
2026-02-28T13:03:21.322365Z
Summary
libvpx security update
Details

libvpx provides the VP8/VP9 SDK, which allows you to integrate your applications with the VP8 and VP9 video codecs, high quality, royalty free, open source codecs deployed on millions of computers and devices worldwide.

Security Fix(es):

Heap buffer overflow vulnerability exists in libvpx component. This vulnerability affects Firefox < 147.0.4, Firefox ESR < 140.7.1, and Firefox ESR < 115.32.1.(CVE-2026-2447)

Database specific 
{
    "severity": "High"
}
References

Affected packages

openEuler:20.03-LTS-SP4
libvpx

Package

Name
libvpx
Purl
pkg:rpm/openEuler/libvpx&distro=openEuler-20.03-LTS-SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.7.0-13.oe2003sp4

Ecosystem specific 

{
    "x86_64": [
        "libvpx-1.7.0-13.oe2003sp4.x86_64.rpm",
        "libvpx-debuginfo-1.7.0-13.oe2003sp4.x86_64.rpm",
        "libvpx-debugsource-1.7.0-13.oe2003sp4.x86_64.rpm",
        "libvpx-devel-1.7.0-13.oe2003sp4.x86_64.rpm"
    ],
    "aarch64": [
        "libvpx-1.7.0-13.oe2003sp4.aarch64.rpm",
        "libvpx-debuginfo-1.7.0-13.oe2003sp4.aarch64.rpm",
        "libvpx-debugsource-1.7.0-13.oe2003sp4.aarch64.rpm",
        "libvpx-devel-1.7.0-13.oe2003sp4.aarch64.rpm"
    ],
    "src": [
        "libvpx-1.7.0-13.oe2003sp4.src.rpm"
    ]
}

Database specific

source 
"https://repo.openeuler.org/security/data/osv/OESA-2026-1451.json"
openEuler:22.03-LTS-SP4
libvpx

Package

Name
libvpx
Purl
pkg:rpm/openEuler/libvpx&distro=openEuler-22.03-LTS-SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.7.0-14.oe2203sp4

Ecosystem specific 

{
    "x86_64": [
        "libvpx-1.7.0-14.oe2203sp4.x86_64.rpm",
        "libvpx-debuginfo-1.7.0-14.oe2203sp4.x86_64.rpm",
        "libvpx-debugsource-1.7.0-14.oe2203sp4.x86_64.rpm",
        "libvpx-devel-1.7.0-14.oe2203sp4.x86_64.rpm"
    ],
    "aarch64": [
        "libvpx-1.7.0-14.oe2203sp4.aarch64.rpm",
        "libvpx-debuginfo-1.7.0-14.oe2203sp4.aarch64.rpm",
        "libvpx-debugsource-1.7.0-14.oe2203sp4.aarch64.rpm",
        "libvpx-devel-1.7.0-14.oe2203sp4.aarch64.rpm"
    ],
    "src": [
        "libvpx-1.7.0-14.oe2203sp4.src.rpm"
    ]
}

Database specific

source 
"https://repo.openeuler.org/security/data/osv/OESA-2026-1451.json"
openEuler:24.03-LTS
libvpx

Package

Name
libvpx
Purl
pkg:rpm/openEuler/libvpx&distro=openEuler-24.03-LTS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.13.1-5.oe2403

Ecosystem specific 

{
    "x86_64": [
        "libvpx-1.13.1-5.oe2403sp1.x86_64.rpm",
        "libvpx-debuginfo-1.13.1-5.oe2403sp1.x86_64.rpm",
        "libvpx-debugsource-1.13.1-5.oe2403sp1.x86_64.rpm",
        "libvpx-devel-1.13.1-5.oe2403sp1.x86_64.rpm",
        "libvpx-1.13.1-5.oe2403sp2.x86_64.rpm",
        "libvpx-debuginfo-1.13.1-5.oe2403sp2.x86_64.rpm",
        "libvpx-debugsource-1.13.1-5.oe2403sp2.x86_64.rpm",
        "libvpx-devel-1.13.1-5.oe2403sp2.x86_64.rpm",
        "libvpx-1.13.1-5.oe2403sp3.x86_64.rpm",
        "libvpx-debuginfo-1.13.1-5.oe2403sp3.x86_64.rpm",
        "libvpx-debugsource-1.13.1-5.oe2403sp3.x86_64.rpm",
        "libvpx-devel-1.13.1-5.oe2403sp3.x86_64.rpm",
        "libvpx-1.13.1-5.oe2403.x86_64.rpm",
        "libvpx-debuginfo-1.13.1-5.oe2403.x86_64.rpm",
        "libvpx-debugsource-1.13.1-5.oe2403.x86_64.rpm",
        "libvpx-devel-1.13.1-5.oe2403.x86_64.rpm"
    ],
    "aarch64": [
        "libvpx-1.13.1-5.oe2403sp1.aarch64.rpm",
        "libvpx-debuginfo-1.13.1-5.oe2403sp1.aarch64.rpm",
        "libvpx-debugsource-1.13.1-5.oe2403sp1.aarch64.rpm",
        "libvpx-devel-1.13.1-5.oe2403sp1.aarch64.rpm",
        "libvpx-1.13.1-5.oe2403sp2.aarch64.rpm",
        "libvpx-debuginfo-1.13.1-5.oe2403sp2.aarch64.rpm",
        "libvpx-debugsource-1.13.1-5.oe2403sp2.aarch64.rpm",
        "libvpx-devel-1.13.1-5.oe2403sp2.aarch64.rpm",
        "libvpx-1.13.1-5.oe2403sp3.aarch64.rpm",
        "libvpx-debuginfo-1.13.1-5.oe2403sp3.aarch64.rpm",
        "libvpx-debugsource-1.13.1-5.oe2403sp3.aarch64.rpm",
        "libvpx-devel-1.13.1-5.oe2403sp3.aarch64.rpm",
        "libvpx-1.13.1-5.oe2403.aarch64.rpm",
        "libvpx-debuginfo-1.13.1-5.oe2403.aarch64.rpm",
        "libvpx-debugsource-1.13.1-5.oe2403.aarch64.rpm",
        "libvpx-devel-1.13.1-5.oe2403.aarch64.rpm"
    ],
    "src": [
        "libvpx-1.13.1-5.oe2403sp1.src.rpm",
        "libvpx-1.13.1-5.oe2403sp2.src.rpm",
        "libvpx-1.13.1-5.oe2403sp3.src.rpm",
        "libvpx-1.13.1-5.oe2403.src.rpm"
    ]
}

Database specific

source 
"https://repo.openeuler.org/security/data/osv/OESA-2026-1451.json"
openEuler:24.03-LTS-SP1
libvpx

Package

Name
libvpx
Purl
pkg:rpm/openEuler/libvpx&distro=openEuler-24.03-LTS-SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.13.1-5.oe2403sp1

Ecosystem specific 

{
    "x86_64": [
        "libvpx-1.13.1-5.oe2403sp1.x86_64.rpm",
        "libvpx-debuginfo-1.13.1-5.oe2403sp1.x86_64.rpm",
        "libvpx-debugsource-1.13.1-5.oe2403sp1.x86_64.rpm",
        "libvpx-devel-1.13.1-5.oe2403sp1.x86_64.rpm"
    ],
    "aarch64": [
        "libvpx-1.13.1-5.oe2403sp1.aarch64.rpm",
        "libvpx-debuginfo-1.13.1-5.oe2403sp1.aarch64.rpm",
        "libvpx-debugsource-1.13.1-5.oe2403sp1.aarch64.rpm",
        "libvpx-devel-1.13.1-5.oe2403sp1.aarch64.rpm"
    ],
    "src": [
        "libvpx-1.13.1-5.oe2403sp1.src.rpm"
    ]
}

Database specific

source 
"https://repo.openeuler.org/security/data/osv/OESA-2026-1451.json"
openEuler:24.03-LTS-SP2
libvpx

Package

Name
libvpx
Purl
pkg:rpm/openEuler/libvpx&distro=openEuler-24.03-LTS-SP2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.13.1-5.oe2403sp2

Ecosystem specific 

{
    "x86_64": [
        "libvpx-1.13.1-5.oe2403sp2.x86_64.rpm",
        "libvpx-debuginfo-1.13.1-5.oe2403sp2.x86_64.rpm",
        "libvpx-debugsource-1.13.1-5.oe2403sp2.x86_64.rpm",
        "libvpx-devel-1.13.1-5.oe2403sp2.x86_64.rpm"
    ],
    "aarch64": [
        "libvpx-1.13.1-5.oe2403sp2.aarch64.rpm",
        "libvpx-debuginfo-1.13.1-5.oe2403sp2.aarch64.rpm",
        "libvpx-debugsource-1.13.1-5.oe2403sp2.aarch64.rpm",
        "libvpx-devel-1.13.1-5.oe2403sp2.aarch64.rpm"
    ],
    "src": [
        "libvpx-1.13.1-5.oe2403sp2.src.rpm"
    ]
}

Database specific

source 
"https://repo.openeuler.org/security/data/osv/OESA-2026-1451.json"
openEuler:24.03-LTS-SP3
libvpx

Package

Name
libvpx
Purl
pkg:rpm/openEuler/libvpx&distro=openEuler-24.03-LTS-SP3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.13.1-5.oe2403sp3

Ecosystem specific 

{
    "x86_64": [
        "libvpx-1.13.1-5.oe2403sp3.x86_64.rpm",
        "libvpx-debuginfo-1.13.1-5.oe2403sp3.x86_64.rpm",
        "libvpx-debugsource-1.13.1-5.oe2403sp3.x86_64.rpm",
        "libvpx-devel-1.13.1-5.oe2403sp3.x86_64.rpm"
    ],
    "aarch64": [
        "libvpx-1.13.1-5.oe2403sp3.aarch64.rpm",
        "libvpx-debuginfo-1.13.1-5.oe2403sp3.aarch64.rpm",
        "libvpx-debugsource-1.13.1-5.oe2403sp3.aarch64.rpm",
        "libvpx-devel-1.13.1-5.oe2403sp3.aarch64.rpm"
    ],
    "src": [
        "libvpx-1.13.1-5.oe2403sp3.src.rpm"
    ]
}

Database specific

source 
"https://repo.openeuler.org/security/data/osv/OESA-2026-1451.json"