FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

libvpx -- buffer overflow in vp9_init_context_buffers

Affected packages
libvpx < 1.4.0.488_1

Details

VuXML ID 6ca7eddd-d436-486a-b169-b948436bcf14
Discovery 2015-09-22
Entry 2015-11-10

The Mozilla Project reports:

Security researcher Khalil Zhani reported that a maliciously crafted vp9 format video could be used to trigger a buffer overflow while parsing the file. This leads to a potentially exploitable crash due to a flaw in the libvpx library.

References

CVE Name CVE-2015-4506
URL https://www.mozilla.org/security/advisories/mfsa2015-101/