CVE-2023-44488

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-44488
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-44488.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-44488
Downstream
Related
Published
2023-09-30T20:15:10Z
Modified
2025-10-16T10:12:38.376502Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
[none]
Details

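VP9 in libvpx before 1.13.1 mishandles widths, leading to a crash related to encoding. Per the CVSS vector listed under Severity, the rated impact is loss of availability only (C:N/I:N/A:H), with no confidentiality or integrity impact.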

References

Affected packages

Git / github.com/webmproject/libvpx

Affected ranges

Type
GIT
Repo
https://github.com/webmproject/libvpx
Events
Introduced
0 (unknown introduced commit; all previous commits are affected)
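Fixed: three fix events are recorded, but their commit hashes are missing from this page; see the JSON Data link above for the full record.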

Affected versions

v0.*

v0.9.0
v0.9.1
v0.9.2
v0.9.5
v0.9.6
v0.9.7
v0.9.7-p1

v1.*

v1.0.0
v1.1.0
v1.10.0
v1.10.0-rc1
v1.10.0-rc2
v1.11.0
v1.11.0-rc1
v1.12.0
v1.12.0-rc1
v1.13.0
v1.13.0-rc1
v1.2.0
v1.3.0
v1.4.0
v1.5.0
v1.6.0
v1.6.1
v1.7.0
v1.8.0
v1.8.1
v1.8.2
v1.9.0
v1.9.0-rc1

Database specific

vanir_signatures

[
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "222294996861201494531563221115526181830",
                "177905442242017154764135092917670987263",
                "296724635726239450151188088484457977547",
                "239526560363414815411427251471114210813",
                "280264804579290740107140485224924599482",
                "144349025532577011718562765009437570731",
                "316910969817943378999824533302179504849",
                "161960282496103445579723084322288077455",
                "337115596510057977265545488667594329807",
                "143669365957967526086866222666248318510",
                "155529621569970989173321266156303962503",
                "206269327044260984591032794736675601133"
            ]
        },
        "target": {
            "file": "test/resize_test.cc"
        },
        "signature_type": "Line",
        "deprecated": false,
        "source": "https://github.com/webmproject/libvpx/commit/263682c9a29395055f3b3afe2d97be1828a6223f",
        "signature_version": "v1",
        "id": "CVE-2023-44488-00043731"
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "201803964402216507343490433769062691564",
                "274359627004548197944293149534218664050",
                "82892325136555187310924762098086198755",
                "186316245402164727720295036670925056262",
                "205194836444687988294513798140418440085",
                "106415616385182659408988276268465431039",
                "293937144073492810335523885571568587868",
                "70871289163148326534620694842503059032",
                "24766894206750828597041146145704692213",
                "207284718232163746410487328441090732861"
            ]
        },
        "target": {
            "file": "vp9/common/vp9_alloccommon.c"
        },
        "signature_type": "Line",
        "deprecated": false,
        "source": "https://github.com/webmproject/libvpx/commit/df9fd9d5b7325060b2b921558a1eb20ca7880937",
        "signature_version": "v1",
        "id": "CVE-2023-44488-606c734a"
    },
    {
        "digest": {
            "function_hash": "39263615157591346240588001092418643047",
            "length": 1143.0
        },
        "target": {
            "function": "vp9_alloc_context_buffers",
            "file": "vp9/common/vp9_alloccommon.c"
        },
        "signature_type": "Function",
        "deprecated": false,
        "source": "https://github.com/webmproject/libvpx/commit/263682c9a29395055f3b3afe2d97be1828a6223f",
        "signature_version": "v1",
        "id": "CVE-2023-44488-61e3a23f"
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "222294996861201494531563221115526181830",
                "177905442242017154764135092917670987263",
                "296724635726239450151188088484457977547",
                "239526560363414815411427251471114210813",
                "280264804579290740107140485224924599482",
                "144349025532577011718562765009437570731",
                "316910969817943378999824533302179504849",
                "161960282496103445579723084322288077455",
                "337115596510057977265545488667594329807",
                "143669365957967526086866222666248318510",
                "155529621569970989173321266156303962503",
                "206269327044260984591032794736675601133"
            ]
        },
        "target": {
            "file": "test/resize_test.cc"
        },
        "signature_type": "Line",
        "deprecated": false,
        "source": "https://github.com/webmproject/libvpx/commit/df9fd9d5b7325060b2b921558a1eb20ca7880937",
        "signature_version": "v1",
        "id": "CVE-2023-44488-78cf689e"
    },
    {
        "digest": {
            "function_hash": "288963996531984184536244424477045288365",
            "length": 2180.0
        },
        "target": {
            "function": "ScaleForFrameNumber",
            "file": "test/resize_test.cc"
        },
        "signature_type": "Function",
        "deprecated": false,
        "source": "https://github.com/webmproject/libvpx/commit/263682c9a29395055f3b3afe2d97be1828a6223f",
        "signature_version": "v1",
        "id": "CVE-2023-44488-909193b2"
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "297536733178013336173845220589622016262",
                "310964825139288665161260973936441401479",
                "172762087294317778397252765352531062212",
                "335085056618071635204026208355251742043",
                "275728933378211126258945904894723629237",
                "277167508445064379967046790202939206440",
                "22709030589833323417308096164073662712",
                "211631338260170564770258418724506139852",
                "230254996296603836217313589530369739093",
                "312723164149999531686344208481768764041",
                "240017725614467990035700092198035457655",
                "231690860587987209475558095845170944107"
            ]
        },
        "target": {
            "file": "vp9/encoder/vp9_encoder.c"
        },
        "signature_type": "Line",
        "deprecated": false,
        "source": "https://github.com/webmproject/libvpx/commit/263682c9a29395055f3b3afe2d97be1828a6223f",
        "signature_version": "v1",
        "id": "CVE-2023-44488-9cb458ac"
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "201803964402216507343490433769062691564",
                "274359627004548197944293149534218664050",
                "82892325136555187310924762098086198755",
                "186316245402164727720295036670925056262",
                "205194836444687988294513798140418440085",
                "106415616385182659408988276268465431039",
                "293937144073492810335523885571568587868",
                "70871289163148326534620694842503059032",
                "24766894206750828597041146145704692213",
                "207284718232163746410487328441090732861"
            ]
        },
        "target": {
            "file": "vp9/common/vp9_alloccommon.c"
        },
        "signature_type": "Line",
        "deprecated": false,
        "source": "https://github.com/webmproject/libvpx/commit/263682c9a29395055f3b3afe2d97be1828a6223f",
        "signature_version": "v1",
        "id": "CVE-2023-44488-a56cc93e"
    },
    {
        "digest": {
            "function_hash": "39263615157591346240588001092418643047",
            "length": 1143.0
        },
        "target": {
            "function": "vp9_alloc_context_buffers",
            "file": "vp9/common/vp9_alloccommon.c"
        },
        "signature_type": "Function",
        "deprecated": false,
        "source": "https://github.com/webmproject/libvpx/commit/df9fd9d5b7325060b2b921558a1eb20ca7880937",
        "signature_version": "v1",
        "id": "CVE-2023-44488-ac721d10"
    },
    {
        "digest": {
            "function_hash": "217232019533202777357522145330625855591",
            "length": 3833.0
        },
        "target": {
            "function": "vp9_change_config",
            "file": "vp9/encoder/vp9_encoder.c"
        },
        "signature_type": "Function",
        "deprecated": false,
        "source": "https://github.com/webmproject/libvpx/commit/263682c9a29395055f3b3afe2d97be1828a6223f",
        "signature_version": "v1",
        "id": "CVE-2023-44488-b36b8fee"
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "297536733178013336173845220589622016262",
                "310964825139288665161260973936441401479",
                "172762087294317778397252765352531062212",
                "335085056618071635204026208355251742043",
                "275728933378211126258945904894723629237",
                "277167508445064379967046790202939206440",
                "22709030589833323417308096164073662712",
                "211631338260170564770258418724506139852",
                "230254996296603836217313589530369739093",
                "312723164149999531686344208481768764041",
                "240017725614467990035700092198035457655",
                "231690860587987209475558095845170944107"
            ]
        },
        "target": {
            "file": "vp9/encoder/vp9_encoder.c"
        },
        "signature_type": "Line",
        "deprecated": false,
        "source": "https://github.com/webmproject/libvpx/commit/df9fd9d5b7325060b2b921558a1eb20ca7880937",
        "signature_version": "v1",
        "id": "CVE-2023-44488-bd976bf6"
    },
    {
        "digest": {
            "function_hash": "217232019533202777357522145330625855591",
            "length": 3833.0
        },
        "target": {
            "function": "vp9_change_config",
            "file": "vp9/encoder/vp9_encoder.c"
        },
        "signature_type": "Function",
        "deprecated": false,
        "source": "https://github.com/webmproject/libvpx/commit/df9fd9d5b7325060b2b921558a1eb20ca7880937",
        "signature_version": "v1",
        "id": "CVE-2023-44488-cb7b7c7b"
    },
    {
        "digest": {
            "function_hash": "288963996531984184536244424477045288365",
            "length": 2180.0
        },
        "target": {
            "function": "ScaleForFrameNumber",
            "file": "test/resize_test.cc"
        },
        "signature_type": "Function",
        "deprecated": false,
        "source": "https://github.com/webmproject/libvpx/commit/df9fd9d5b7325060b2b921558a1eb20ca7880937",
        "signature_version": "v1",
        "id": "CVE-2023-44488-f23d0b8e"
    }
]