CVE search results

11 – 18 of 18 results

Detailed view

Sort by:

CVE-2019-2126

Low priority

Some fixes available 7 of 41

In ParseContentEncodingEntry of mkvparser.cc, there is a possible double free due to a missing reset of a freed pointer. This could lead to remote code execution with no additional execution privileges needed. User interaction is...

7 affected packages

aom, godot, qtwebengine-opensource-src, chromium-browser, firefox...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
aom	Not affected	Needs evaluation	Needs evaluation	Not in release
godot	Fixed	Fixed	Fixed	Not in release
qtwebengine-opensource-src	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
chromium-browser	Not affected	Not affected	Not in release	Not affected
firefox	Not affected	Not affected	Not in release	Not affected
libvpx	Not affected	Not affected	Not affected	Fixed
thunderbird	Not affected	Not affected	Not in release	Not affected

CVE-2018-19212

Low priority

Needs evaluation

In libwebm through 2018-10-03, there is an abort caused by libwebm::Webm2Pes::InitWebmParser() that will lead to a DoS attack.

5 affected packages

android, chromium-browser, sludge, libvpx, oxide-qt

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
android	Not in release	Not in release	Not in release	Not in release
chromium-browser	Not affected	Not affected	Not in release	Not affected
sludge	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
libvpx	Not affected	Not affected	Not affected	Not affected
oxide-qt	Not in release	Not in release	Not in release	Not in release

CVE-2017-13194

Low priority

Some fixes available 2 of 4

A vulnerability in the Android media framework (libvpx) related to odd frame width. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-64710201.

1 affected package

libvpx

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
libvpx	—	—	Not affected	Not affected

CVE-2016-1972

Medium priority

Not affected

Race condition in libvpx in Mozilla Firefox before 45.0 on Windows might allow remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via unknown vectors.

3 affected packages

firefox, libvpx, thunderbird

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	—	—	—	—
libvpx	—	—	—	—
thunderbird	—	—	—	—

CVE-2015-1258

Low priority

Some fixes available 8 of 9

Google Chrome before 43.0.2357.65 relies on libvpx code that was not built with an appropriate --size-limit value, which allows remote attackers to trigger a negative value for a size field, and consequently cause a denial of...

3 affected packages

chromium-browser, libvpx, oxide-qt

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
chromium-browser	—	—	—	—
libvpx	—	—	—	—
oxide-qt	—	—	—	—

CVE-2012-0823

Low priority

Not affected

VP8 Codec SDK (libvpx) before 1.0.0 "Duclair" allows remote attackers to cause a denial of service (application crash) via (1) unspecified "corrupt input" or (2) by "starting decoding from a P-frame," which triggers...

1 affected package

libvpx

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
libvpx	—	—	—	—

CVE-2010-4489

Medium priority

Some fixes available 2 of 4

libvpx, as used in Google Chrome before 8.0.552.215 and possibly other products, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WebM video. NOTE: this vulnerability exists because of a regression.

2 affected packages

chromium-browser, libvpx

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
chromium-browser	—	—	—	—
libvpx	—	—	—	—

CVE-2010-4203

Medium priority

Fixed

WebM libvpx (aka the VP8 Codec SDK) before 0.9.5, as used in Google Chrome before 7.0.517.44, allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via invalid frames.

2 affected packages

libvpx, chromium-browser

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
libvpx	—	—	—	—
chromium-browser	—	—	—	—

Export to JSON

Results by page:

Search CVE reports