Webmproject Libvpx
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Webmproject Libvpx.
By the Year
In 2025 there have been 0 vulnerabilities in Webmproject Libvpx. Last year, in 2024 Libvpx had 2 security vulnerabilities published. Right now, Libvpx is on track to have less security vulnerabilities in 2025 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2025 | 0 | 0.00 |
| 2024 | 2 | 8.30 |
| 2023 | 2 | 8.15 |
It may take a day or so for new Libvpx vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Webmproject Libvpx Security Vulnerabilities
Integer Overflow in libvpx <=1.14.0 via vpx_img_alloc()/wrap
CVE-2024-5197
9.1 - Critical
- June 03, 2024
There exists interger overflows in libvpx in versions prior to 1.14.1. Calling vpx_img_alloc() with a large value of the d_w, d_h, or align parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned vpx_image_t struct may be invalid. Calling vpx_img_wrap() with a large value of the d_w, d_h, or stride_align parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned vpx_image_t struct may be invalid. We recommend upgrading to version 1.14.1 or beyond
Heap Overflow in libvpx <1.13.1 (VP9 Frame Size Mismatch)
CVE-2023-6349
7.5 - High
- May 27, 2024
A heap overflow vulnerability exists in libvpx - Encoding a frame that has larger dimensions than the originally configured size with VP9 may result in a heap overflow in libvpx. We recommend upgrading to version 1.13.1 or above
Memory Corruption
VP9 in libvpx before 1.13.1 mishandles widths
CVE-2023-44488
7.5 - High
- September 30, 2023
VP9 in libvpx before 1.13.1 mishandles widths, leading to a crash related to encoding.
Improper Handling of Exceptional Conditions
Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1
CVE-2023-5217
8.8 - High
- September 28, 2023
Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Memory Corruption
VP8 Codec SDK (libvpx) before 1.0.0 "Duclair"
CVE-2012-0823
- February 23, 2012
VP8 Codec SDK (libvpx) before 1.0.0 "Duclair" allows remote attackers to cause a denial of service (application crash) via (1) unspecified "corrupt input" or (2) by "starting decoding from a P-frame," which triggers an out-of-bounds read, related to "the clamping of motion vectors in SPLITMV blocks".
Improper Input Validation
WebM libvpx (aka the VP8 Codec SDK) before 0.9.5, as used in Google Chrome before 7.0.517.44
CVE-2010-4203
9.8 - Critical
- November 06, 2010
WebM libvpx (aka the VP8 Codec SDK) before 0.9.5, as used in Google Chrome before 7.0.517.44, allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via invalid frames.
Integer Overflow or Wraparound
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Webmproject Libvpx or by Webmproject? Click the Watch button to subscribe.
