UbuntuUpdates.org

Package "vpx-tools"

Name: vpx-tools

Description:

VP8 and VP9 video codec encoding/decoding tools
Latest version: 1.14.0-1ubuntu2.2
Release: noble (24.04)
Level: security
Repository: universe
Head package: libvpx
Homepage: https://www.webmproject.org

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "vpx-tools"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "vpx-tools" in Noble

Repository Area Version
base universe 1.14.0-1ubuntu2
updates universe 1.14.0-1ubuntu2.2

Changelog

Version: 1.14.0-1ubuntu2.2 2025-06-03 17:07:36 UTC

  libvpx (1.14.0-1ubuntu2.2) noble-security; urgency=medium

  * SECURITY UPDATE: use-after-free vulnerability
    - debian/patches/CVE-2025-5283.patch: fix double free on init failure.
    - CVE-2025-5283

 -- Fabian Toepfer <email address hidden> Mon, 02 Jun 2025 16:58:48 +0200
Source diff to previous version
CVE-2025-5283 Use after free in libvpx in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML

Version: 1.14.0-1ubuntu2.1 2024-06-06 18:07:53 UTC

  libvpx (1.14.0-1ubuntu2.1) noble-security; urgency=medium

  * SECURITY UPDATE: multiple integer overflows
    - debian/patches/CVE-2024-5197-pre1.patch: add test/vpx_image_test.cc.
    - debian/patches/CVE-2024-5197-1.patch: fix integer overflows in calc
      of stride_in_bytes in test/vpx_image_test.cc, vpx/src/vpx_image.c.
    - debian/patches/CVE-2024-5197-2.patch: avoid integer overflows in
      arithmetic operations in test/vpx_image_test.cc, vpx/src/vpx_image.c,
      vpx/vpx_image.h.
    - debian/patches/CVE-2024-5197-3.patch: fix a bug in alloc_size for
      high bit depths in vpx/src/vpx_image.c.
    - CVE-2024-5197

 -- Marc Deslauriers <email address hidden> Wed, 05 Jun 2024 09:49:38 -0400
CVE-2024-5197 There exists interger overflows in libvpx in versions prior to 1.14.1. Calling vpx_img_alloc() with a large value of the d_w, d_h, or align parameter


About   -   Send Feedback to @ubuntu_updates