{"id":"MGASA-2023-0280","summary":"Updated libvpx packages fix security vulnerability","details":"Heap buffer overflow in vp8 encoding in libvpx allowed a remote attacker\nto potentially exploit heap corruption via a crafted HTML page.\n","modified":"2026-04-16T00:11:04.640744172Z","published":"2023-10-02T10:18:07Z","upstream":["CVE-2023-5217"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2023-0280.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=32342"},{"type":"ADVISORY","url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5217"},{"type":"WEB","url":"https://www.openwall.com/lists/oss-security/2023/09/28/5"}],"affected":[{"package":{"name":"libvpx","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/libvpx?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.9.0-1.1.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2023-0280.json"}},{"package":{"name":"libvpx","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/libvpx?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.12.0-1.1.mga9"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2023-0280.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}