OESA-2024-1716

Source
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1716
Import Source
https://repo.openeuler.org/security/data/osv/OESA-2024-1716.json
JSON Data
https://api.test.osv.dev/v1/vulns/OESA-2024-1716
Upstream
Published
2024-06-14T11:08:15Z
Modified
2025-08-12T05:46:38.176830Z
Summary
libvpx security update
Details

libvpx provides the VP8/VP9 SDK, which allows you to integrate your applications with the VP8 and VP9 video codecs: high-quality, royalty-free, open source codecs deployed on millions of computers and devices worldwide.

Security Fix(es):

There exist integer overflows in libvpx in versions prior to 1.14.1. Calling vpx_img_alloc() with a large value of the d_w, d_h, or align parameter may result in integer overflows in the calculations of buffer sizes and offsets, and some fields of the returned vpx_image_t struct may be invalid. Calling vpx_img_wrap() with a large value of the d_w, d_h, or stride_align parameter may result in integer overflows in the calculations of buffer sizes and offsets, and some fields of the returned vpx_image_t struct may be invalid. We recommend upgrading to version 1.14.1 or beyond. (CVE-2024-5197)

Database specific
{
    "severity": "High"
}
References

Affected packages

openEuler:20.03-LTS-SP4 / libvpx

Package

Name
libvpx
Purl
pkg:rpm/openEuler/libvpx&distro=openEuler-20.03-LTS-SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.7.0-11.oe2003sp4

Ecosystem specific

{
    "src": [
        "libvpx-1.7.0-11.oe2003sp4.src.rpm"
    ],
    "x86_64": [
        "libvpx-debugsource-1.7.0-11.oe2003sp4.x86_64.rpm",
        "libvpx-1.7.0-11.oe2003sp4.x86_64.rpm",
        "libvpx-debuginfo-1.7.0-11.oe2003sp4.x86_64.rpm",
        "libvpx-devel-1.7.0-11.oe2003sp4.x86_64.rpm"
    ],
    "aarch64": [
        "libvpx-1.7.0-11.oe2003sp4.aarch64.rpm",
        "libvpx-debugsource-1.7.0-11.oe2003sp4.aarch64.rpm",
        "libvpx-devel-1.7.0-11.oe2003sp4.aarch64.rpm",
        "libvpx-debuginfo-1.7.0-11.oe2003sp4.aarch64.rpm"
    ]
}

openEuler:22.03-LTS-SP1 / libvpx

Package

Name
libvpx
Purl
pkg:rpm/openEuler/libvpx&distro=openEuler-22.03-LTS-SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.7.0-12.oe2203sp1

Ecosystem specific

{
    "src": [
        "libvpx-1.7.0-12.oe2203sp1.src.rpm"
    ],
    "x86_64": [
        "libvpx-debugsource-1.7.0-12.oe2203sp1.x86_64.rpm",
        "libvpx-debuginfo-1.7.0-12.oe2203sp1.x86_64.rpm",
        "libvpx-1.7.0-12.oe2203sp1.x86_64.rpm",
        "libvpx-devel-1.7.0-12.oe2203sp1.x86_64.rpm"
    ],
    "aarch64": [
        "libvpx-debuginfo-1.7.0-12.oe2203sp1.aarch64.rpm",
        "libvpx-debugsource-1.7.0-12.oe2203sp1.aarch64.rpm",
        "libvpx-1.7.0-12.oe2203sp1.aarch64.rpm",
        "libvpx-devel-1.7.0-12.oe2203sp1.aarch64.rpm"
    ]
}

openEuler:22.03-LTS-SP3 / libvpx

Package

Name
libvpx
Purl
pkg:rpm/openEuler/libvpx&distro=openEuler-22.03-LTS-SP3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.7.0-12.oe2203sp3

Ecosystem specific

{
    "src": [
        "libvpx-1.7.0-12.oe2203sp3.src.rpm"
    ],
    "x86_64": [
        "libvpx-devel-1.7.0-12.oe2203sp3.x86_64.rpm",
        "libvpx-debugsource-1.7.0-12.oe2203sp3.x86_64.rpm",
        "libvpx-1.7.0-12.oe2203sp3.x86_64.rpm",
        "libvpx-debuginfo-1.7.0-12.oe2203sp3.x86_64.rpm"
    ],
    "aarch64": [
        "libvpx-devel-1.7.0-12.oe2203sp3.aarch64.rpm",
        "libvpx-1.7.0-12.oe2203sp3.aarch64.rpm",
        "libvpx-debugsource-1.7.0-12.oe2203sp3.aarch64.rpm",
        "libvpx-debuginfo-1.7.0-12.oe2203sp3.aarch64.rpm"
    ]
}

openEuler:24.03-LTS / libvpx

Package

Name
libvpx
Purl
pkg:rpm/openEuler/libvpx&distro=openEuler-24.03-LTS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.13.1-2.oe2403

Ecosystem specific

{
    "src": [
        "libvpx-1.13.1-2.oe2403.src.rpm"
    ],
    "x86_64": [
        "libvpx-debugsource-1.13.1-2.oe2403.x86_64.rpm",
        "libvpx-1.13.1-2.oe2403.x86_64.rpm",
        "libvpx-debuginfo-1.13.1-2.oe2403.x86_64.rpm",
        "libvpx-devel-1.13.1-2.oe2403.x86_64.rpm"
    ],
    "aarch64": [
        "libvpx-devel-1.13.1-2.oe2403.aarch64.rpm",
        "libvpx-debuginfo-1.13.1-2.oe2403.aarch64.rpm",
        "libvpx-debugsource-1.13.1-2.oe2403.aarch64.rpm",
        "libvpx-1.13.1-2.oe2403.aarch64.rpm"
    ]
}