CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
Confidence: High
EPSS
Percentile: 97.0%
software: libvpx 1.10.0
OS: ROSA-CHROME
package_evr_string: libvpx-1.10.0-4.src.rpm
CVE-ID: CVE-2023-40474
BDU-ID: None
CVE-Crit: MEDIUM
CVE-DESC.: A heap buffer overflow was found in the MXF file demultiplexer of the GStreamer plugins when processing malformed uncompressed video files. Exploitation requires user interaction with the library and could allow an attacker to trigger an integer overflow before the buffer is allocated, cause a crash or achieve code execution through heap manipulation, and execute code in the context of the current process.
CVE-STATUS: Fixed
CVE-REV: To fix, run the command: sudo dnf update libvpx
CVE-ID: CVE-2023-40475
BDU-ID: None
CVE-Crit: MEDIUM
CVE-DESC.: A heap buffer overflow was found in the MXF file demultiplexer of the GStreamer plugins when processing malformed files with AES3 audio. Exploitation requires user interaction with the library and could allow an attacker to trigger an integer overflow before the buffer is allocated, cause a crash or achieve code execution through heap manipulation, and execute code in the context of the current process.
CVE-STATUS: Fixed
CVE-REV: To fix, run the command: sudo dnf update libvpx
CVE-ID: CVE-2023-40476
BDU-ID: None
CVE-Crit: MEDIUM
CVE-DESC.: A stack buffer overflow was found in the GStreamer Bad plugin when processing invalid H.265 video stream files. Exploitation requires user interaction with the library and could allow an attacker to trigger an integer overflow before the buffer is allocated, cause a crash or achieve code execution through heap manipulation, and execute code in the context of the current process.
CVE-STATUS: Fixed
CVE-REV: To fix, run the command: sudo dnf update libvpx
CVE-ID: CVE-2023-5217
BDU-ID: 2023-06157
CVE-Crit: CRITICAL
CVE-DESC.: A vulnerability in the VP8 encoding function of the libvpx library in the Google Chrome browser is related to a buffer overflow in dynamic memory. Exploitation of the vulnerability could allow a remote attacker to execute arbitrary code when a user opens a specially crafted web page.
CVE-STATUS: Fixed
CVE-REV: To fix, run the command: sudo dnf update libvpx