Xiantong Hou discovered that libvpx would overflow when attempting to allocate memory for very large images. If an application using libvpx opened a specially crafted file, a remote attacker could possibly use this issue to cause the application to crash, resulting in a denial of service, or the execution of arbitrary code.
{ "availability": "Available with Ubuntu Pro with Legacy support add-on: https://ubuntu.com/pro", "binaries": [ { "binary_version": "1.3.0-2ubuntu0.1+esm3", "binary_name": "libvpx-dev" }, { "binary_version": "1.3.0-2ubuntu0.1+esm3", "binary_name": "libvpx1" }, { "binary_version": "1.3.0-2ubuntu0.1+esm3", "binary_name": "vpx-tools" } ] }
{ "cves_map": { "ecosystem": "Ubuntu:Pro:14.04:LTS", "cves": [ { "severity": [ { "score": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:P/VC:L/VI:H/VA:N/SC:L/SI:L/SA:N", "type": "CVSS_V4" }, { "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "type": "CVSS_V3" }, { "score": "medium", "type": "Ubuntu" } ], "id": "CVE-2024-5197" } ] } }
{ "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro", "binaries": [ { "binary_version": "1.5.0-2ubuntu1.1+esm3", "binary_name": "libvpx-dev" }, { "binary_version": "1.5.0-2ubuntu1.1+esm3", "binary_name": "libvpx3" }, { "binary_version": "1.5.0-2ubuntu1.1+esm3", "binary_name": "vpx-tools" } ] }
{ "cves_map": { "ecosystem": "Ubuntu:Pro:16.04:LTS", "cves": [ { "severity": [ { "score": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:P/VC:L/VI:H/VA:N/SC:L/SI:L/SA:N", "type": "CVSS_V4" }, { "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "type": "CVSS_V3" }, { "score": "medium", "type": "Ubuntu" } ], "id": "CVE-2024-5197" } ] } }
{ "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro", "binaries": [ { "binary_version": "1.7.0-3ubuntu0.18.04.1+esm2", "binary_name": "libvpx-dev" }, { "binary_version": "1.7.0-3ubuntu0.18.04.1+esm2", "binary_name": "libvpx5" }, { "binary_version": "1.7.0-3ubuntu0.18.04.1+esm2", "binary_name": "vpx-tools" } ] }
{ "cves_map": { "ecosystem": "Ubuntu:Pro:18.04:LTS", "cves": [ { "severity": [ { "score": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:P/VC:L/VI:H/VA:N/SC:L/SI:L/SA:N", "type": "CVSS_V4" }, { "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "type": "CVSS_V3" }, { "score": "medium", "type": "Ubuntu" } ], "id": "CVE-2024-5197" } ] } }