Debian 10260 Published by

A libvpx security update has been released for Debian GNU/Linux 8 and 9 Extended LTS to address a heap-based buffer overflow.



ELA-973-1 libvpx security update

Package : libvpx
Version : 1.3.0-3+deb8u4 (jessie), 1.6.1-3+deb9u4 (stretch)

Related CVEs :
CVE-2023-5217

Clement Lecigne discovered a heap-based buffer overflow in libvpx, a
multimedia library for the VP8 and VP9 video codecs, which may result in
the execution of arbitrary code if a specially crafted VP8 media stream
is processed.

ELA-973-1 libvpx security update