Articles & Reviews
News Archive
Forums
Premium
Contact
Categories

Computers Display Drivers Graphics Cards Linux Gaming Memory Motherboards Processors Software Storage Operating Systems Peripherals

VP8/VP9's libvpx 1.13.1 Released Due To A High Severity Vulnerability

Written by Michael Larabel in Multimedia on 30 September 2023 at 06:02 AM EDT. 23 Comments

MULTIMEDIA

Google on Friday released libvpx 1.13.1 as the newest update to this open-source reference encoder for the VP8 and VP9 video codecs. This release is coming due to CVE-2023-5217, which is a "high" severity vulnerability that's been exploited within at least the Google Chrome web browser.

CVE-2023-5217 is due to a heap buffer overflow within the VP8 encoding path in libvpx used by Google Chrome. With prior Chrome versions and pre-1.13.1 for libvpx, a remote attacker could potentially exploit heap corruption via a specially crafted HTML page. Google is aware of an exploit for this vulnerability existing in the wild.

VP8 codec logo

Details on this security vulnerability can be found via the oss-security list.

Released on Friday night was the libvpx 1.13.1 update with this security fix for CVE-2023-5217 as well as a crash related to VP9 encoding.

23 Comments

Related News

FFmpeg's ffplay Media Player Adds Vulkan Renderer

Open-Source H.264 Video Encode Coming For Allwinner V3/V3s/S3 SoCs

OBS Studio 30.0 Released With Intel QSV AV1 On Linux, WHIP/WebRTC Output

FFmpeg 6.1 Released With Vulkan Video Decoding, VA-API AV1 Encode

FFmpeg Patches Allow For "Fully Functional" Multi-Threaded CLI

New AMD & Intel Sound Support Ready For Playback In Linux 6.7

About The Author

Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week

Roundcube Open-Source Webmail Software Merges With Nextcloud

Firefox 121 Is Looking Good For Having Wayland Enabled By Default

Debian's MIPS64EL CPU Port Is At Risk Due To Declining Hardware Access

PCSX2 Emulator Disables Wayland Support By Default

LACT Is The Newest AMD Radeon GUI Control Panel For Linux

KDE Is Down To Just One Wayland Showstopper Bug Remaining

TUXEDO Computers Launches First All-AMD Linux Gaming Laptop

OpenZFS Is Still Battling A Data Corruption Issue