Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
[ { "signature_version": "v1", "deprecated": false, "digest": { "line_hashes": [ "194088585812691905481354654785977110374", "87786437187731232193287439555318335968", "311663159182386501039936539071912234045", "176342002606525737175777182358941018005", "222516424595603037689773760919213912709", "225421237099069023014073447057006406283", "156498414877815086044910302727676824318" ], "threshold": 0.9 }, "target": { "file": "test/encode_api_test.cc" }, "signature_type": "Line", "id": "CVE-2023-5217-5434e38b", "source": "https://github.com/webmproject/libvpx/commit/3fbd1dca6a4d2dad332a2110d646e4ffef36d590" }, { "signature_version": "v1", "deprecated": false, "digest": { "length": 828.0, "function_hash": "100230110426315063526584035075349816268" }, "target": { "function": "TEST", "file": "test/encode_api_test.cc" }, "signature_type": "Function", "id": "CVE-2023-5217-59c4ee72", "source": "https://github.com/webmproject/libvpx/commit/af6dedd715f4307669366944cca6e0417b290282" }, { "signature_version": "v1", "deprecated": false, "digest": { "length": 1225.0, "function_hash": "286692908604999191245803454414914826420" }, "target": { "function": "TEST", "file": "test/encode_api_test.cc" }, "signature_type": "Function", "id": "CVE-2023-5217-9b69e562", "source": "https://github.com/webmproject/libvpx/commit/3fbd1dca6a4d2dad332a2110d646e4ffef36d590" }, { "signature_version": "v1", "deprecated": false, "digest": { "line_hashes": [ "330207852396136827555187902995997508991", "136729999502473988878370435018177723713", "15678369136114235740638393954350936456", "29923588737913573680652580060977133403", "37773578129138277403789668865252074553", "208095115678472981879396413634191585616", "208615308191935464082942480319992654085", "6770653278206996996157363816394479362", "300357361493662169961043031214313606186", "216511662522186585972998914279732097668" ], "threshold": 0.9 }, "target": { "file": "test/encode_api_test.cc" }, "signature_type": "Line", "id": "CVE-2023-5217-b975f3f7", "source": "https://github.com/webmproject/libvpx/commit/af6dedd715f4307669366944cca6e0417b290282" }, { "signature_version": "v1", "deprecated": false, "digest": { "line_hashes": [ "145482218640286121211368997722597947029", "168502398490642422058993771546900085627", "4517982599115396846171772755713147428" ], "threshold": 0.9 }, "target": { "file": "vp8/encoder/onyx_if.c" }, "signature_type": "Line", "id": "CVE-2023-5217-d8e47c27", "source": "https://github.com/webmproject/libvpx/commit/3fbd1dca6a4d2dad332a2110d646e4ffef36d590" }, { "signature_version": "v1", "deprecated": false, "digest": { "length": 421.0, "function_hash": "174559640541706553597192381471309499032" }, "target": { "function": "InitCodec", "file": "test/encode_api_test.cc" }, "signature_type": "Function", "id": "CVE-2023-5217-ddc6739b", "source": "https://github.com/webmproject/libvpx/commit/af6dedd715f4307669366944cca6e0417b290282" }, { "signature_version": "v1", "deprecated": false, "digest": { "length": 8188.0, "function_hash": "9318311977028663908885622115267581070" }, "target": { "function": "vp8_change_config", "file": "vp8/encoder/onyx_if.c" }, "signature_type": "Function", "id": "CVE-2023-5217-eb8089c4", "source": "https://github.com/webmproject/libvpx/commit/3fbd1dca6a4d2dad332a2110d646e4ffef36d590" } ]