Opened 2 years ago
Closed 2 years ago
#18651 closed enhancement (fixed)
libvpx: Fix CVE-2023-5217
| Reported by: | Xi Ruoyao | Owned by: | blfs-book |
|---|---|---|---|
| Priority: | high | Milestone: | 12.1 |
| Component: | BOOK | Version: | git |
| Severity: | normal | Keywords: | |
| Cc: |
Description
Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Google is aware that an exploit for CVE-2023-5217 exists in the wild.
Change History (2)
comment:1 by , 2 years ago
comment:2 by , 2 years ago
| Resolution: | → fixed |
|---|---|
| Status: | new → closed |
Fixed at r12.0-338-ge7f1099026. SA 12.0-017.
Note:
See TracTickets
for help on using tickets.
Patches: