Advisories » MGASA-2015-0249

Updated libvpx package fixes security vulnerability

Publication date: 01 Jul 2015
Modification date: 09 Jul 2015
Type: security
Affected Mageia releases : 4 , 5
CVE: CVE-2015-1258

Description

libvpx before 1.4.0 allows remote attackers to trigger a negative value
for a size field, and consequently cause a denial of service or possibly
have unspecified other impact, via a crafted frame size in VP9 video data
(CVE-2015-1258)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=16019
• http://googlechromereleases.blogspot.com/2015/05/stable-channel-update_19.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1258

SRPMS

4/core

• libvpx-1.3.0-1.1.mga4

5/core

• libvpx-1.3.0-3.1.mga5