[SECURITY] [DLA 3598-1] libvpx security update

2023-10-0120:17:06

lists.debian.org

libvpx

buffer overflow

vulnerabilities

multimedia library

cve-2023-44488

cve-2023-5217

debian 10 buster

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

9.9

Confidence

High

EPSS

0.306

Percentile

97.0%

JSON

Debian LTS Advisory DLA-3598-1 [email protected]
https://www.debian.org/lts/security/ Emilio Pozuelo Monfort
October 01, 2023 https://wiki.debian.org/LTS

Package : libvpx
Version : 1.7.0-3+deb10u2
CVE ID : CVE-2023-5217 CVE-2023-44488

Two buffer overflow vulnerabilities were found in libvpx, a multimedia
library for the VP8 and VP9 video codecs, which could result in the
execution of arbitrary code if a specially crafted VP8 or VP9 media
stream is processed.

For Debian 10 buster, these problems have been fixed in version
1.7.0-3+deb10u2.

We recommend that you upgrade your libvpx packages.

For the detailed security status of libvpx please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/libvpx

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

OSVersionArchitecturePackageVersionFilename
Debian12mipsellibvpx7-dbgsym< 1.12.0-1+deb12u1libvpx7-dbgsym_1.12.0-1+deb12u1_mipsel.deb
Debian10allfirefox-esr-l10n-si< 115.3.1esr-1~deb10u1firefox-esr-l10n-si_115.3.1esr-1~deb10u1_all.deb
Debian11allfirefox-esr-l10n-ur< 115.3.1esr-1~deb11u1firefox-esr-l10n-ur_115.3.1esr-1~deb11u1_all.deb
Debian11allthunderbird-l10n-zh-tw< 1:115.3.1-1~deb11u1thunderbird-l10n-zh-tw_1:115.3.1-1~deb11u1_all.deb
Debian10allthunderbird-l10n-cy< 1:115.3.1-1~deb10u1thunderbird-l10n-cy_1:115.3.1-1~deb10u1_all.deb
Debian11allfirefox-esr-l10n-id< 115.3.1esr-1~deb11u1firefox-esr-l10n-id_115.3.1esr-1~deb11u1_all.deb
Debian12allthunderbird-l10n-de< 1:115.3.1-1~deb12u1thunderbird-l10n-de_1:115.3.1-1~deb12u1_all.deb
Debian10alliceweasel-l10n-ga-ie< 1:115.3.1esr-1~deb10u1iceweasel-l10n-ga-ie_1:115.3.1esr-1~deb10u1_all.deb
Debian10allfirefox-esr-l10n-ca< 115.3.1esr-1~deb10u1firefox-esr-l10n-ca_115.3.1esr-1~deb10u1_all.deb
Debian10arm64vpx-tools-dbgsym< 1.7.0-3+deb10u2vpx-tools-dbgsym_1.7.0-3+deb10u2_arm64.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	mipsel	libvpx7-dbgsym	< 1.12.0-1+deb12u1	libvpx7-dbgsym_1.12.0-1+deb12u1_mipsel.deb
Debian	10	all	firefox-esr-l10n-si	< 115.3.1esr-1~deb10u1	firefox-esr-l10n-si_115.3.1esr-1~deb10u1_all.deb
Debian	11	all	firefox-esr-l10n-ur	< 115.3.1esr-1~deb11u1	firefox-esr-l10n-ur_115.3.1esr-1~deb11u1_all.deb
Debian	11	all	thunderbird-l10n-zh-tw	< 1:115.3.1-1~deb11u1	thunderbird-l10n-zh-tw_1:115.3.1-1~deb11u1_all.deb
Debian	10	all	thunderbird-l10n-cy	< 1:115.3.1-1~deb10u1	thunderbird-l10n-cy_1:115.3.1-1~deb10u1_all.deb
Debian	11	all	firefox-esr-l10n-id	< 115.3.1esr-1~deb11u1	firefox-esr-l10n-id_115.3.1esr-1~deb11u1_all.deb
Debian	12	all	thunderbird-l10n-de	< 1:115.3.1-1~deb12u1	thunderbird-l10n-de_1:115.3.1-1~deb12u1_all.deb
Debian	10	all	iceweasel-l10n-ga-ie	< 1:115.3.1esr-1~deb10u1	iceweasel-l10n-ga-ie_1:115.3.1esr-1~deb10u1_all.deb
Debian	10	all	firefox-esr-l10n-ca	< 115.3.1esr-1~deb10u1	firefox-esr-l10n-ca_115.3.1esr-1~deb10u1_all.deb
Debian	10	arm64	vpx-tools-dbgsym	< 1.7.0-3+deb10u2	vpx-tools-dbgsym_1.7.0-3+deb10u2_arm64.deb