First published: Mon Oct 23 2023(Updated: )
USN-6403-1 fixed several vulnerabilities in libvpx. This update provides the corresponding update for Ubuntu 18.04 LTS. Original advisory details: It was discovered that libvpx did not properly handle certain malformed media files. If an application using libvpx opened a specially crafted file, a remote attacker could cause a denial of service, or possibly execute arbitrary code.
Affected Software | Affected Version | How to fix |
---|---|---|
All of | ||
ubuntu/libvpx5 | <1.7.0-3ubuntu0.18.04.1+esm1 | 1.7.0-3ubuntu0.18.04.1+esm1 |
=18.04 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this advisory is USN-6403-2.
The libvpx5 package with version 1.7.0-3ubuntu0.18.04.1+esm1 on Ubuntu 18.04 LTS is affected by this vulnerability.
The severity of the vulnerabilities is not mentioned in the advisory.
To fix the vulnerability, update the libvpx5 package to version 1.7.0-3ubuntu0.18.04.1+esm1 or later.
More information about this vulnerability can be found at the following links: [CVE-2023-5217](https://ubuntu.com/security/CVE-2023-5217) and [CVE-2023-44488](https://ubuntu.com/security/CVE-2023-44488).