Forum: >>> Magnum BBS <<<

Bug#1106689: libvpx: double-free in vpx_codec_enc_init_multi

From Salvatore Bonaccorso@21:1/5 to Salvatore Bonaccorso on Tue May 27 23:20:01 2025

On Tue, May 27, 2025 at 10:52:40PM +0200, Salvatore Bonaccorso wrote:

Source: libvpx
Version: 1.12.0-1
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org>
Control: found -1 1.15.0-2

Hi

The recent MFSA's for firefox mention the following issue as critical:

| A double-free could have occurred in vpx_codec_enc_init_multi after a
| failed allocation when initializing the encoder for WebRTC. This could
| have caused memory corruption and a potentially exploitable crash.

Cf. https://www.mozilla.org/en-US/security/advisories/mfsa2025-44/

Fix is at: https://chromium.googlesource.com/webm/libvpx/+/1c758781c428c0e895645b95b8ff1512b6bdcecb

MR (for unstable) is at https://salsa.debian.org/multimedia-team/libvpx/-/merge_requests/5

Regards,
Salvatore

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Sysop:	Keyop
Location:	Huddersfield, West Yorkshire, UK
Users:	546
Nodes:	16 (2 / 14)
Uptime:	145:42:42
Calls:	10,383
Calls today:	8
Files:	14,054
D/L today:	2 files (1,861K bytes)
Messages:	6,417,685