CVE-2023-6349: Heap overflow in libvpx
First published: Mon May 27 2024(Updated: )
A heap overflow vulnerability exists in libvpx - Encoding a frame that has larger dimensions than the originally configured size with VP9 may result in a heap overflow in libvpx. We recommend upgrading to version 1.13.1 or above
Credit: cve-coordination@google.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/libvpx | <1.13.1 | 1.13.1 |
| IBM QRadar Security Information and Event Manager | <=7.5 - 7.5.0 UP9 IF03 | |
| IBM Security QRadar Incident Forensics | <=7.5 - 7.5.0 UP9 IF03 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://crbug.com/webm/1642
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2283554
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2283556
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2283558
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2283559
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2283560
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2283561
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2283557
- https://access.redhat.com/errata/RHSA-2024:5941
- https://bugzilla.redhat.com/show_bug.cgi?id=2283553
- https://www.ibm.com/support/pages/node/7173420 (Advisory)
Frequently Asked Questions
What is the severity of CVE-2023-6349?
CVE-2023-6349 is classified as a high severity vulnerability due to the potential for a heap overflow causing crashes or remote code execution.
How do I fix CVE-2023-6349?
To fix CVE-2023-6349, upgrade libvpx to version 1.13.1 or above.
Which software is affected by CVE-2023-6349?
CVE-2023-6349 affects libvpx and is also noted in IBM QRadar SIEM and QRadar Incident Forensics prior to version 7.5.0 UP9 IF03.
What does CVE-2023-6349 exploit?
CVE-2023-6349 exploits a heap overflow vulnerability that occurs when encoding a frame with larger dimensions than originally configured.
Can CVE-2023-6349 lead to any security risks?
Yes, CVE-2023-6349 can lead to security risks including potential remote code execution and application crashes.
- agent/title
- agent/first-publish-date
- agent/type
- agent/author
- agent/event
- collector/nvd-api
- source/NVD
- collector/mitre-cve
- source/MITRE
- agent/severity
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2023-6349
- agent/software-canonical-lookup
- agent/trending
- agent/references
- agent/last-modified-date
- agent/source
- agent/weakness
- agent/softwarecombine
- agent/description
- agent/tags
- collector/ibm-support
- source/IBM
- agent/software-canonical-lookup-request
- package-manager/redhat
- vendor/ibm
- canonical/ibm qradar security information and event manager
- version/ibm qradar security information and event manager/7.5 - 7.5.0 up9 if03
- canonical/ibm security qradar incident forensics
- version/ibm security qradar incident forensics/7.5 - 7.5.0 up9 if03