CVE-2023-44488

moderate-risk

Published 2023-09-30

VP9 in libvpx before 1.13.1 mishandles widths, leading to a crash related to encoding.

Do I need to act?

1.4% chance of exploitation in next 30 days

EPSS score — moderate exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.5/10 High

NETWORK / LOW complexity

Libvpx

Enterprise Linux

Debian Linux

Fedora

Debian Redhat Fedoraproject Webmproject

Mailing List http://www.openwall.com/lists/oss-security/2023/09/30/4

Issue Tracking https://bugzilla.redhat.com/show_bug.cgi?id=2241806

Patch https://github.com/webmproject/libvpx/commit/263682c9a29395055f3b3afe2d97be1828a...

Patch https://github.com/webmproject/libvpx/commit/df9fd9d5b7325060b2b921558a1eb20ca78...

Patch https://github.com/webmproject/libvpx/compare/v1.13.0...v1.13.1

Release Notes https://github.com/webmproject/libvpx/releases/tag/v1.13.1

Mailing List https://lists.debian.org/debian-lts-announce/2023/10/msg00001.html

Mailing List https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro...

Third Party Advisory https://security.gentoo.org/glsa/202310-04

Third Party Advisory https://www.debian.org/security/2023/dsa-5518