CVE-2023-44488

Source
https://cve.org/CVERecord?id=CVE-2023-44488
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-44488.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-44488
Downstream
Related
Published
2023-09-30T20:15:10.200Z
Modified
2026-04-15T23:59:31.552969941Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
[none]
Details

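VP9 in libvpx before 1.13.1 mishandles widths, leading to a crash related to encoding. The CVSS vector on this record (C:N/I:N/A:H) scores the impact as loss of availability only, and the extracted events for the upstream repository list 1.13.1 as the fixed version.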

Database specific
{
    "unresolved_ranges": [
        {
            "cpe": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
            "extracted_events": [
                {
                    "last_affected": "10.0"
                }
            ],
            "source": "CPE_FIELD"
        },
        {
            "cpe": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
            "extracted_events": [
                {
                    "last_affected": "11.0"
                }
            ],
            "source": "CPE_FIELD"
        },
        {
            "cpe": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
            "extracted_events": [
                {
                    "last_affected": "12.0"
                }
            ],
            "source": "CPE_FIELD"
        },
        {
            "cpe": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
            "extracted_events": [
                {
                    "last_affected": "37"
                }
            ],
            "source": "CPE_FIELD"
        },
        {
            "cpe": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
            "extracted_events": [
                {
                    "last_affected": "8.0"
                }
            ],
            "source": "CPE_FIELD"
        },
        {
            "cpe": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
            "extracted_events": [
                {
                    "last_affected": "9.0"
                }
            ],
            "source": "CPE_FIELD"
        }
    ]
}
References

Affected packages

Git / github.com/webmproject/libvpx

Affected ranges

Type
GIT
Repo
https://github.com/webmproject/libvpx
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed
Fixed
Database specific
{
    "cpe": "cpe:2.3:a:webmproject:libvpx:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.13.1"
        }
    ],
    "source": [
        "CPE_FIELD",
        "REFERENCES"
    ]
}

Affected versions

v0.*
v0.9.0
v0.9.1
v0.9.6
v0.9.7
v0.9.7-p1
v1.*
v1.0.0
v1.10.0-rc1
v1.13.0
v1.13.0-rc1
v1.2.0

Database specific

vanir_signatures
[
    {
        "target": {
            "file": "test/resize_test.cc"
        },
        "deprecated": false,
        "signature_version": "v1",
        "source": "https://github.com/webmproject/libvpx/commit/263682c9a29395055f3b3afe2d97be1828a6223f",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "222294996861201494531563221115526181830",
                "177905442242017154764135092917670987263",
                "296724635726239450151188088484457977547",
                "239526560363414815411427251471114210813",
                "280264804579290740107140485224924599482",
                "144349025532577011718562765009437570731",
                "316910969817943378999824533302179504849",
                "161960282496103445579723084322288077455",
                "337115596510057977265545488667594329807",
                "143669365957967526086866222666248318510",
                "155529621569970989173321266156303962503",
                "206269327044260984591032794736675601133"
            ]
        },
        "id": "CVE-2023-44488-00043731",
        "signature_type": "Line"
    },
    {
        "target": {
            "file": "vp9/common/vp9_alloccommon.c"
        },
        "deprecated": false,
        "signature_version": "v1",
        "source": "https://github.com/webmproject/libvpx/commit/df9fd9d5b7325060b2b921558a1eb20ca7880937",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "201803964402216507343490433769062691564",
                "274359627004548197944293149534218664050",
                "82892325136555187310924762098086198755",
                "186316245402164727720295036670925056262",
                "205194836444687988294513798140418440085",
                "106415616385182659408988276268465431039",
                "293937144073492810335523885571568587868",
                "70871289163148326534620694842503059032",
                "24766894206750828597041146145704692213",
                "207284718232163746410487328441090732861"
            ]
        },
        "id": "CVE-2023-44488-606c734a",
        "signature_type": "Line"
    },
    {
        "target": {
            "function": "vp9_alloc_context_buffers",
            "file": "vp9/common/vp9_alloccommon.c"
        },
        "deprecated": false,
        "signature_version": "v1",
        "source": "https://github.com/webmproject/libvpx/commit/263682c9a29395055f3b3afe2d97be1828a6223f",
        "digest": {
            "length": 1143.0,
            "function_hash": "39263615157591346240588001092418643047"
        },
        "id": "CVE-2023-44488-61e3a23f",
        "signature_type": "Function"
    },
    {
        "target": {
            "file": "test/resize_test.cc"
        },
        "deprecated": false,
        "signature_version": "v1",
        "source": "https://github.com/webmproject/libvpx/commit/df9fd9d5b7325060b2b921558a1eb20ca7880937",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "222294996861201494531563221115526181830",
                "177905442242017154764135092917670987263",
                "296724635726239450151188088484457977547",
                "239526560363414815411427251471114210813",
                "280264804579290740107140485224924599482",
                "144349025532577011718562765009437570731",
                "316910969817943378999824533302179504849",
                "161960282496103445579723084322288077455",
                "337115596510057977265545488667594329807",
                "143669365957967526086866222666248318510",
                "155529621569970989173321266156303962503",
                "206269327044260984591032794736675601133"
            ]
        },
        "id": "CVE-2023-44488-78cf689e",
        "signature_type": "Line"
    },
    {
        "target": {
            "function": "ScaleForFrameNumber",
            "file": "test/resize_test.cc"
        },
        "id": "CVE-2023-44488-909193b2",
        "signature_version": "v1",
        "source": "https://github.com/webmproject/libvpx/commit/263682c9a29395055f3b3afe2d97be1828a6223f",
        "digest": {
            "length": 2180.0,
            "function_hash": "288963996531984184536244424477045288365"
        },
        "deprecated": false,
        "signature_type": "Function"
    },
    {
        "id": "CVE-2023-44488-9cb458ac",
        "deprecated": false,
        "signature_version": "v1",
        "source": "https://github.com/webmproject/libvpx/commit/263682c9a29395055f3b3afe2d97be1828a6223f",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "297536733178013336173845220589622016262",
                "310964825139288665161260973936441401479",
                "172762087294317778397252765352531062212",
                "335085056618071635204026208355251742043",
                "275728933378211126258945904894723629237",
                "277167508445064379967046790202939206440",
                "22709030589833323417308096164073662712",
                "211631338260170564770258418724506139852",
                "230254996296603836217313589530369739093",
                "312723164149999531686344208481768764041",
                "240017725614467990035700092198035457655",
                "231690860587987209475558095845170944107"
            ]
        },
        "target": {
            "file": "vp9/encoder/vp9_encoder.c"
        },
        "signature_type": "Line"
    },
    {
        "target": {
            "file": "vp9/common/vp9_alloccommon.c"
        },
        "deprecated": false,
        "signature_version": "v1",
        "source": "https://github.com/webmproject/libvpx/commit/263682c9a29395055f3b3afe2d97be1828a6223f",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "201803964402216507343490433769062691564",
                "274359627004548197944293149534218664050",
                "82892325136555187310924762098086198755",
                "186316245402164727720295036670925056262",
                "205194836444687988294513798140418440085",
                "106415616385182659408988276268465431039",
                "293937144073492810335523885571568587868",
                "70871289163148326534620694842503059032",
                "24766894206750828597041146145704692213",
                "207284718232163746410487328441090732861"
            ]
        },
        "id": "CVE-2023-44488-a56cc93e",
        "signature_type": "Line"
    },
    {
        "id": "CVE-2023-44488-ac721d10",
        "deprecated": false,
        "signature_version": "v1",
        "source": "https://github.com/webmproject/libvpx/commit/df9fd9d5b7325060b2b921558a1eb20ca7880937",
        "digest": {
            "length": 1143.0,
            "function_hash": "39263615157591346240588001092418643047"
        },
        "target": {
            "function": "vp9_alloc_context_buffers",
            "file": "vp9/common/vp9_alloccommon.c"
        },
        "signature_type": "Function"
    },
    {
        "id": "CVE-2023-44488-b36b8fee",
        "deprecated": false,
        "signature_version": "v1",
        "source": "https://github.com/webmproject/libvpx/commit/263682c9a29395055f3b3afe2d97be1828a6223f",
        "digest": {
            "length": 3833.0,
            "function_hash": "217232019533202777357522145330625855591"
        },
        "target": {
            "function": "vp9_change_config",
            "file": "vp9/encoder/vp9_encoder.c"
        },
        "signature_type": "Function"
    },
    {
        "target": {
            "file": "vp9/encoder/vp9_encoder.c"
        },
        "id": "CVE-2023-44488-bd976bf6",
        "signature_version": "v1",
        "source": "https://github.com/webmproject/libvpx/commit/df9fd9d5b7325060b2b921558a1eb20ca7880937",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "297536733178013336173845220589622016262",
                "310964825139288665161260973936441401479",
                "172762087294317778397252765352531062212",
                "335085056618071635204026208355251742043",
                "275728933378211126258945904894723629237",
                "277167508445064379967046790202939206440",
                "22709030589833323417308096164073662712",
                "211631338260170564770258418724506139852",
                "230254996296603836217313589530369739093",
                "312723164149999531686344208481768764041",
                "240017725614467990035700092198035457655",
                "231690860587987209475558095845170944107"
            ]
        },
        "deprecated": false,
        "signature_type": "Line"
    },
    {
        "id": "CVE-2023-44488-cb7b7c7b",
        "deprecated": false,
        "signature_version": "v1",
        "source": "https://github.com/webmproject/libvpx/commit/df9fd9d5b7325060b2b921558a1eb20ca7880937",
        "digest": {
            "length": 3833.0,
            "function_hash": "217232019533202777357522145330625855591"
        },
        "target": {
            "function": "vp9_change_config",
            "file": "vp9/encoder/vp9_encoder.c"
        },
        "signature_type": "Function"
    },
    {
        "id": "CVE-2023-44488-f23d0b8e",
        "deprecated": false,
        "signature_version": "v1",
        "source": "https://github.com/webmproject/libvpx/commit/df9fd9d5b7325060b2b921558a1eb20ca7880937",
        "digest": {
            "length": 2180.0,
            "function_hash": "288963996531984184536244424477045288365"
        },
        "target": {
            "function": "ScaleForFrameNumber",
            "file": "test/resize_test.cc"
        },
        "signature_type": "Function"
    }
]
vanir_signatures_modified
"2026-04-12T07:20:40Z"
source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-44488.json"