OESA-2025-1592

See a problem?
Please try reporting it to the source first.

Source

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1592

Import Source

https://repo.openeuler.org/security/data/osv/OESA-2025-1592.json

JSON Data

https://api.test.osv.dev/v1/vulns/OESA-2025-1592

Upstream

CVE-2025-5283

Published

2025-06-06T14:03:37Z

Modified

2025-08-12T05:51:47.882883Z

Summary

libvpx security update

Details

libvpx provides the VP8/VP9 SDK, which allows you to integrate your applications with the VP8 and VP9 video codecs, high quality, royalty free, open source codecs deployed on millions of computers and devices worldwide.

Security Fix(es):

Use after free in libvpx in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)(CVE-2025-5283)

Database specific

{
    "severity": "Medium"
}

References

Affected packages

openEuler:24.03-LTS-SP1 / libvpx

Package

Name: libvpx
Purl: pkg:rpm/openEuler/libvpx&distro=openEuler-24.03-LTS-SP1

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.13.1-4.oe2403sp1

Ecosystem specific

{
    "src": [
        "libvpx-1.13.1-4.oe2403sp1.src.rpm"
    ],
    "x86_64": [
        "libvpx-1.13.1-4.oe2403sp1.x86_64.rpm",
        "libvpx-debuginfo-1.13.1-4.oe2403sp1.x86_64.rpm",
        "libvpx-debugsource-1.13.1-4.oe2403sp1.x86_64.rpm",
        "libvpx-devel-1.13.1-4.oe2403sp1.x86_64.rpm"
    ],
    "aarch64": [
        "libvpx-1.13.1-4.oe2403sp1.aarch64.rpm",
        "libvpx-debuginfo-1.13.1-4.oe2403sp1.aarch64.rpm",
        "libvpx-debugsource-1.13.1-4.oe2403sp1.aarch64.rpm",
        "libvpx-devel-1.13.1-4.oe2403sp1.aarch64.rpm"
    ]
}

openEuler:20.03-LTS-SP4 / libvpx

Package

Name: libvpx
Purl: pkg:rpm/openEuler/libvpx&distro=openEuler-20.03-LTS-SP4

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.7.0-12.oe2003sp4

Ecosystem specific

{
    "src": [
        "libvpx-1.7.0-12.oe2003sp4.src.rpm"
    ],
    "x86_64": [
        "libvpx-1.7.0-12.oe2003sp4.x86_64.rpm",
        "libvpx-debuginfo-1.7.0-12.oe2003sp4.x86_64.rpm",
        "libvpx-debugsource-1.7.0-12.oe2003sp4.x86_64.rpm",
        "libvpx-devel-1.7.0-12.oe2003sp4.x86_64.rpm"
    ],
    "aarch64": [
        "libvpx-1.7.0-12.oe2003sp4.aarch64.rpm",
        "libvpx-debuginfo-1.7.0-12.oe2003sp4.aarch64.rpm",
        "libvpx-debugsource-1.7.0-12.oe2003sp4.aarch64.rpm",
        "libvpx-devel-1.7.0-12.oe2003sp4.aarch64.rpm"
    ]
}

openEuler:22.03-LTS-SP3 / libvpx

Package

Name: libvpx
Purl: pkg:rpm/openEuler/libvpx&distro=openEuler-22.03-LTS-SP3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.7.0-13.oe2203sp3

Ecosystem specific

{
    "src": [
        "libvpx-1.7.0-13.oe2203sp3.src.rpm"
    ],
    "x86_64": [
        "libvpx-1.7.0-13.oe2203sp3.x86_64.rpm",
        "libvpx-debuginfo-1.7.0-13.oe2203sp3.x86_64.rpm",
        "libvpx-debugsource-1.7.0-13.oe2203sp3.x86_64.rpm",
        "libvpx-devel-1.7.0-13.oe2203sp3.x86_64.rpm"
    ],
    "aarch64": [
        "libvpx-1.7.0-13.oe2203sp3.aarch64.rpm",
        "libvpx-debuginfo-1.7.0-13.oe2203sp3.aarch64.rpm",
        "libvpx-debugsource-1.7.0-13.oe2203sp3.aarch64.rpm",
        "libvpx-devel-1.7.0-13.oe2203sp3.aarch64.rpm"
    ]
}

openEuler:22.03-LTS-SP4 / libvpx

Package

Name: libvpx
Purl: pkg:rpm/openEuler/libvpx&distro=openEuler-22.03-LTS-SP4

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.7.0-13.oe2203sp4

Ecosystem specific

{
    "src": [
        "libvpx-1.7.0-13.oe2203sp4.src.rpm"
    ],
    "x86_64": [
        "libvpx-1.7.0-13.oe2203sp4.x86_64.rpm",
        "libvpx-debuginfo-1.7.0-13.oe2203sp4.x86_64.rpm",
        "libvpx-debugsource-1.7.0-13.oe2203sp4.x86_64.rpm",
        "libvpx-devel-1.7.0-13.oe2203sp4.x86_64.rpm"
    ],
    "aarch64": [
        "libvpx-1.7.0-13.oe2203sp4.aarch64.rpm",
        "libvpx-debuginfo-1.7.0-13.oe2203sp4.aarch64.rpm",
        "libvpx-debugsource-1.7.0-13.oe2203sp4.aarch64.rpm",
        "libvpx-devel-1.7.0-13.oe2203sp4.aarch64.rpm"
    ]
}

openEuler:24.03-LTS / libvpx

Package

Name: libvpx
Purl: pkg:rpm/openEuler/libvpx&distro=openEuler-24.03-LTS

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.13.1-4.oe2403

Ecosystem specific

{
    "src": [
        "libvpx-1.13.1-4.oe2403sp1.src.rpm",
        "libvpx-1.13.1-4.oe2403.src.rpm"
    ],
    "x86_64": [
        "libvpx-1.13.1-4.oe2403sp1.x86_64.rpm",
        "libvpx-debuginfo-1.13.1-4.oe2403sp1.x86_64.rpm",
        "libvpx-debugsource-1.13.1-4.oe2403sp1.x86_64.rpm",
        "libvpx-devel-1.13.1-4.oe2403sp1.x86_64.rpm",
        "libvpx-1.13.1-4.oe2403.x86_64.rpm",
        "libvpx-debuginfo-1.13.1-4.oe2403.x86_64.rpm",
        "libvpx-debugsource-1.13.1-4.oe2403.x86_64.rpm",
        "libvpx-devel-1.13.1-4.oe2403.x86_64.rpm"
    ],
    "aarch64": [
        "libvpx-1.13.1-4.oe2403sp1.aarch64.rpm",
        "libvpx-debuginfo-1.13.1-4.oe2403sp1.aarch64.rpm",
        "libvpx-debugsource-1.13.1-4.oe2403sp1.aarch64.rpm",
        "libvpx-devel-1.13.1-4.oe2403sp1.aarch64.rpm",
        "libvpx-1.13.1-4.oe2403.aarch64.rpm",
        "libvpx-debuginfo-1.13.1-4.oe2403.aarch64.rpm",
        "libvpx-debugsource-1.13.1-4.oe2403.aarch64.rpm",
        "libvpx-devel-1.13.1-4.oe2403.aarch64.rpm"
    ]
}