Webmproject: Security Vulnerabilities
A use-after-free issue was discovered in libwebm through 2018-02-02. If a Vp9HeaderParser was initialized once before, its property frame_ would not be changed because of code in vp9parser::Vp9HeaderParser::SetFrame. Its frame_ could be freed while the corresponding pointer would not be updated, leading to a dangling pointer. This is related to the function OutputCluster in webm_info.cc.
CVSS Score
9.8
EPSS Score
0.006
Published
2018-02-02
The function ParseVP9SuperFrameIndex in common/libwebm_util.cc in libwebm through 2018-01-30 does not validate the child_frame_length data obtained from a .webm file, which allows remote attackers to cause an information leak or a denial of service (heap-based buffer over-read and later out-of-bounds write), or possibly have unspecified other impact.
CVSS Score
8.8
EPSS Score
0.005
Published
2018-01-30
Multiple integer overflows in libwebp allows attackers to have unspecified impact via unknown vectors.
CVSS Score
3.3
EPSS Score
0.001
Published
2017-02-03
VP8 Codec SDK (libvpx) before 1.0.0 "Duclair" allows remote attackers to cause a denial of service (application crash) via (1) unspecified "corrupt input" or (2) by "starting decoding from a P-frame," which triggers an out-of-bounds read, related to "the clamping of motion vectors in SPLITMV blocks".
CVSS Score
5.0
EPSS Score
0.012
Published
2012-02-23
WebM libvpx (aka the VP8 Codec SDK) before 0.9.5, as used in Google Chrome before 7.0.517.44, allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via invalid frames.
CVSS Score
9.8
EPSS Score
0.081
Published
2010-11-06
Page 3