Vulnerability Details : CVE-2023-6349
A heap overflow vulnerability exists in libvpx: encoding a frame that has larger dimensions than the originally configured size with VP9 may result in a heap overflow in libvpx.
We recommend upgrading to version 1.13.1 or above.
Exploit prediction scoring system (EPSS) score for CVE-2023-6349
- EPSS score: 0.04% (probability of exploitation activity in the next 30 days)
- Percentile: ~9% (the proportion of vulnerabilities that are scored at or less)
CWE ids for CVE-2023-6349
- A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

Assigned by:
- 14ed7db2-1595-443d-9d34-6215bf890778 (Primary)
- cve-coordination@google.com (Secondary)
References for CVE-2023-6349
- https://crbug.com/webm/1642
  1642 - libvpxenc: dynamic resolution encode support when total size is enlarged but width is smaller - webm