CVE-2023-6349 MEDIUM

CVE-2023-6349: Heap overflow in libvpx

Vendor Chromium
Product libvpx
Weakness CWE-122
Published May 27, 2024
Last update August 2, 2024

CVSS base score

5.7/10
Attack vector Local
Attack complexity High
Privileges required Low
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:P/VC:L/VI:H/VA:N/SC:L/SI:H/SA:N/S:N/AU:N/R:A/V:D

What the vulnerability does

01Description

A heap overflow vulnerability exists in libvpx - Encoding a frame that has larger dimensions than the originally configured size with VP9 may result in a heap overflow in libvpx. We recommend upgrading to version 1.13.1 or above

Key dates

02Disclosure timeline

May 27, 2024 CVE published
August 2, 2024 Record updated