Advisories » MGASA-2023-0280

Updated libvpx packages fix security vulnerability

Publication date: 02 Oct 2023
Modification date: 02 Oct 2023
Type: security
Affected Mageia releases : 8 , 9
CVE: CVE-2023-5217

Description

Heap buffer overflow in vp8 encoding in libvpx allowed a remote attacker
to potentially exploit heap corruption via a crafted HTML page.
                

References

• https://bugs.mageia.org/show_bug.cgi?id=32342
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5217
• https://www.openwall.com/lists/oss-security/2023/09/28/5
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5217

SRPMS

9/core

• libvpx-1.12.0-1.1.mga9

8/core

• libvpx-1.9.0-1.1.mga8