CVE-2023-6349

A heap overflow vulnerability exists in libvpx - Encoding a frame that has larger dimensions than the originally configured size with VP9 may result in a heap overflow in libvpx. We recommend upgrading to version 1.13.1 or above

VectorNETWORK

Published Bycve-coordination@google.com

Published DateMay 27, 2024, 12:15

Weakness Type (CWE):CWE-787

CVSS Metrics

Base Score

5.7

Vector String

CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:P/VC:L/VI:H/VA:N/SC:L/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:A/V:D/RE:X/U:X

Base Severity

MEDIUM

Version

4.0

Attack Vector (AV)

LOCAL

Attack Complexity (AC)

HIGH

Privileges Required (PR)

LOW

User Interaction (UI)

PASSIVE

Scope (S)

Confidentiality (C)

Integrity (I)

Availability (A)

References

https://crbug.com/webm/1642

Base Score

HIGH7.5

Weakness Type (CWE):CWE-787

CVSS Metrics

Base Score

5.7

Vector String

CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:P/VC:L/VI:H/VA:N/SC:L/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:A/V:D/RE:X/U:X

Base Severity

MEDIUM

Version

4.0

Attack Vector (AV)

LOCAL

Attack Complexity (AC)

HIGH

Privileges Required (PR)

LOW

User Interaction (UI)

PASSIVE

Scope (S)

Confidentiality (C)

Integrity (I)

Availability (A)