| Package | libvpx |
|---|---|
| Version | 1.3.0-3+deb8u5 (jessie), 1.6.1-3+deb9u6 (stretch) |
| Related CVEs | CVE-2016-6711 CVE-2017-0393 CVE-2024-5197 |
Multiple vulnerabilities have been fixed in libvpx, a library for decoding and encoding VP8 and VP9 videos.
CVE-2016-6711 (vulnerability was not present in stretch)
VP8 decoder crash with invalid leading keyframes
CVE-2017-0393 (vulnerability was not present in stretch)
VP8 threading issues
CVE-2024-5197
Integer overflows
For Debian 8 jessie, these problems have been fixed in version 1.3.0-3+deb8u5.
For Debian 9 stretch, these problems have been fixed in version 1.6.1-3+deb9u6.
We recommend that you upgrade your libvpx packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.