PT-2023-5682 · Libvpx+9

Guilherme De Almeida Suckevicz · Published 2023-09-29 · Updated 2025-01-20 · CVE-2023-44488

CVSS v2.0 · 7.8 High · AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

libvpx versions prior to 1.13.1

Description

The issue is related to the mishandling of widths in the VP9 codec of the libvpx library, leading to a crash related to encoding. This can be exploited by a remote attacker using a specially crafted HTML page, potentially causing a denial of service.

Recommendations

For versions prior to 1.13.1, update to version 1.13.1 or later to resolve the issue. As a temporary workaround, consider restricting the use of the VP9 codec until a patch is available.

Fix

Weakness Enumeration

Heap Based Buffer Overflow
Improper Handling of Exceptional Conditions

Related Identifiers

ALSA-2023:5537
ALSA-2023:5539
ALSA-2023:6187
ALSA-2023:6188
ALSA-2023:6191
ALSA-2023:6194
ALT-PU-2023-8405
ALT-PU-2025-1090
BDU:2023-06350
CESA-2023_5537
CESA-2023_6187
CESA-2023_6194
CVE-2023-44488
DLA-3598-1
DSA-5518-1
INFSA-2023_5539
MGASA-2023-0338
OESA-2023-1740
OESA-2024-1514
OPENSUSE-SU-2024_2409-1
RHSA-2023:5534
RHSA-2023:5535
RHSA-2023:5536
RHSA-2023:5537
RHSA-2023:5538
RHSA-2023:5539
RHSA-2023:5540
RHSA-2023:6162
RHSA-2023:6185
RHSA-2023:6186
RHSA-2023:6187
RHSA-2023:6188
RHSA-2023:6189
RHSA-2023:6190
RHSA-2023:6191
RHSA-2023:6192
RHSA-2023:6194
RHSA-2023:6195
RHSA-2023:6196
RHSA-2023:6197
RHSA-2023:6198
RHSA-2023:6199
RHSA-2023_5537
RHSA-2023_5539
RHSA-2023_6162
RHSA-2023_6187
RHSA-2023_6188
RHSA-2023_6191
RHSA-2023_6194
RLSA-2023:6188
ROSA-SA-2025-2563
ROSA-SA-2025-2564
SUSE-SU-2024:2409-1
SUSE-SU-2024_2409-1
USN-6403-1
USN-6403-2
USN-6403-3

Affected Products

ALT Linux
AlmaLinux
Astra Linux
CentOS
Linux Mint
Red Hat
RED OS
SUSE
Ubuntu
libvpx