Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
{ "vanir_signatures": [ { "deprecated": false, "digest": { "line_hashes": [ "194088585812691905481354654785977110374", "87786437187731232193287439555318335968", "311663159182386501039936539071912234045", "176342002606525737175777182358941018005", "222516424595603037689773760919213912709", "225421237099069023014073447057006406283", "156498414877815086044910302727676824318" ], "threshold": 0.9 }, "source": "https://github.com/webmproject/libvpx/commit/3fbd1dca6a4d2dad332a2110d646e4ffef36d590", "signature_type": "Line", "id": "CVE-2023-5217-5434e38b", "target": { "file": "test/encode_api_test.cc" }, "signature_version": "v1" }, { "deprecated": false, "digest": { "function_hash": "100230110426315063526584035075349816268", "length": 828.0 }, "source": "https://github.com/webmproject/libvpx/commit/af6dedd715f4307669366944cca6e0417b290282", "signature_type": "Function", "id": "CVE-2023-5217-59c4ee72", "target": { "file": "test/encode_api_test.cc", "function": "TEST" }, "signature_version": "v1" }, { "deprecated": false, "digest": { "function_hash": "286692908604999191245803454414914826420", "length": 1225.0 }, "source": "https://github.com/webmproject/libvpx/commit/3fbd1dca6a4d2dad332a2110d646e4ffef36d590", "signature_type": "Function", "id": "CVE-2023-5217-9b69e562", "target": { "file": "test/encode_api_test.cc", "function": "TEST" }, "signature_version": "v1" }, { "deprecated": false, "digest": { "line_hashes": [ "330207852396136827555187902995997508991", "136729999502473988878370435018177723713", "15678369136114235740638393954350936456", "29923588737913573680652580060977133403", "37773578129138277403789668865252074553", "208095115678472981879396413634191585616", "208615308191935464082942480319992654085", "6770653278206996996157363816394479362", "300357361493662169961043031214313606186", "216511662522186585972998914279732097668" ], "threshold": 0.9 }, "source": "https://github.com/webmproject/libvpx/commit/af6dedd715f4307669366944cca6e0417b290282", "signature_type": "Line", "id": "CVE-2023-5217-b975f3f7", "target": { "file": "test/encode_api_test.cc" }, "signature_version": "v1" }, { "deprecated": false, "digest": { "line_hashes": [ "145482218640286121211368997722597947029", "168502398490642422058993771546900085627", "4517982599115396846171772755713147428" ], "threshold": 0.9 }, "source": "https://github.com/webmproject/libvpx/commit/3fbd1dca6a4d2dad332a2110d646e4ffef36d590", "signature_type": "Line", "id": "CVE-2023-5217-d8e47c27", "target": { "file": "vp8/encoder/onyx_if.c" }, "signature_version": "v1" }, { "deprecated": false, "digest": { "function_hash": "174559640541706553597192381471309499032", "length": 421.0 }, "source": "https://github.com/webmproject/libvpx/commit/af6dedd715f4307669366944cca6e0417b290282", "signature_type": "Function", "id": "CVE-2023-5217-ddc6739b", "target": { "file": "test/encode_api_test.cc", "function": "InitCodec" }, "signature_version": "v1" }, { "deprecated": false, "digest": { "function_hash": "9318311977028663908885622115267581070", "length": 8188.0 }, "source": "https://github.com/webmproject/libvpx/commit/3fbd1dca6a4d2dad332a2110d646e4ffef36d590", "signature_type": "Function", "id": "CVE-2023-5217-eb8089c4", "target": { "file": "vp8/encoder/onyx_if.c", "function": "vp8_change_config" }, "signature_version": "v1" } ] }