It was discovered that libvpx did not properly handle certain malformed media files. If an application using libvpx opened a specially crafted file, a remote attacker could cause a denial of service, or possibly execute arbitrary code. Ubuntu 22.04 LTS, Ubuntu 20.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 16.04 LTS were previously addressed in USN-6403-1, USN-6403-2, and USN-6403-3. This update addresses the issue in Ubuntu 14.04 LTS.
{ "availability": "Available with Ubuntu Pro with Legacy support add-on: https://ubuntu.com/pro", "binaries": [ { "binary_version": "1.3.0-2ubuntu0.1~esm3", "binary_name": "libvpx-dev" }, { "binary_version": "1.3.0-2ubuntu0.1~esm3", "binary_name": "libvpx-dev-dbgsym" }, { "binary_version": "1.3.0-2ubuntu0.1~esm3", "binary_name": "libvpx-doc" }, { "binary_version": "1.3.0-2ubuntu0.1~esm3", "binary_name": "libvpx1" }, { "binary_version": "1.3.0-2ubuntu0.1~esm3", "binary_name": "libvpx1-dbg" }, { "binary_version": "1.3.0-2ubuntu0.1~esm3", "binary_name": "libvpx1-dbgsym" }, { "binary_version": "1.3.0-2ubuntu0.1~esm3", "binary_name": "vpx-tools" }, { "binary_version": "1.3.0-2ubuntu0.1~esm3", "binary_name": "vpx-tools-dbgsym" } ] }