HCE2-SA-2024-0016
An update for libvpx is now available for HCE 2.0
Important
HCE 2.0
Security Fix(es):
Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-5217)
VP9 in libvpx before 1.13.1 mishandles widths, leading to a crash related to encoding. (CVE-2023-44488)
HCE 2.0
libvpx-1.7.0-10.hce2.aarch64.rpm
libvpx-devel-1.7.0-10.hce2.aarch64.rpm
libvpx-1.7.0-10.hce2.x86_64.rpm
libvpx-devel-1.7.0-10.hce2.x86_64.rpm