PT-2026-8351 · Libvpx+5 · Libvpx+7
Jayjayjazz
·
Published
2026-01-01
·
Updated
2026-04-17
·
CVE-2026-2447
CVSS v2.0
10
High
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Firefox versions prior to 147.0.4
Firefox ESR versions prior to 140.7.1
Firefox ESR versions prior to 115.32.1
Thunderbird versions prior to 140.7.2
Thunderbird versions prior to 147.0.2
Description
A heap buffer overflow exists in the libvpx VP8/VP9 video codec path. This issue could be triggered by crafted media, potentially leading to memory corruption and remote code execution. The vulnerability affects global browser users. The issue is related to the
libvpx library and specifically impacts the VP9 video processing functionality.Recommendations
Update Firefox to version 147.0.4 or later.
Update Firefox ESR to version 140.7.1 or later.
Update Firefox ESR to version 115.32.1 or later.
Update Thunderbird to version 140.7.2 or later.
Update Thunderbird to version 147.0.2 or later.
Fix
RCE
DoS
Heap Based Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Firefox
Firefox Esr
Linuxmint
Red Os
Rocky Linux
Thunderbird
Ubuntu
Libvpx