CVE-2023-44488
Advisory lineage Upstream: 0 Downstream: 30
Modified
Published: 30 Sept 2023, 00:00
Last modified:23 Sept 2024, 16:15
Vulnerability Summary
Overall Risk (default)
medium
30/100 CVSS Score
7.5 HIGH
v3.1 (nvd)
EPSS Score
1.49% LOW
1% probability +0.04%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
30 Sept 2023, 00:00
Published
Vulnerability first disclosed
23 Sept 2024, 16:15
Last Modified
Vulnerability information updated
Description
VP9 in libvpx before 1.13.1 mishandles widths, leading to a crash related to encoding.
CVSS Metrics
- v3.1•HIGH•Score: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Trends
Current EPSS score: 1.49%• Percentile: 81%
Techniques & Countermeasures
- CWE-755•Improper Handling of Exceptional Conditions
The product does not handle or incorrectly handles an exceptional condition.
Affected Systems
- debian•debian_linux
10.0 | 11.0 | 12.0
- fedoraproject•fedora
37
- redhat•enterprise_linux
8.0 | 9.0
- webmproject•libvpx
< 1.13.1
References (10)
- https://github.com/webmproject/libvpx/commit/df9fd9d5b7325060b2b921558a1eb20ca7880937
- https://github.com/webmproject/libvpx/commit/263682c9a29395055f3b3afe2d97be1828a6223f
- https://github.com/webmproject/libvpx/compare/v1.13.0...v1.13.1
- https://github.com/webmproject/libvpx/releases/tag/v1.13.1
- http://www.openwall.com/lists/oss-security/2023/09/30/4
- https://lists.debian.org/debian-lts-announce/2023/10/msg00001.html
- https://bugzilla.redhat.com/show_bug.cgi?id=2241806
- https://security.gentoo.org/glsa/202310-04
- https://www.debian.org/security/2023/dsa-5518
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TE7F54W5O5RS4ZMAAC7YK3CZWQXIDSKB/