0020268: [Security] VPx codecs need to be updated

ID	Project	Category	View Status	Date Submitted	Last Update

0020268	MMW 5	Codecs	public	2023-10-02 01:22	2023-10-13 21:11

Reporter	rusty	Assigned To
Priority	immediate	Severity	major	Reproducibility	always
Status	closed	Resolution	fixed
Product Version	5.0.4
Target Version	5.1	Fixed in Version	5.1

Summary	0020268: [Security] VPx codecs need to be updated
Description	There's a zero-day exploit that affects vp8/9 files due to a vulnerability in libvpx. https://arstechnica.com/?p=1972043 https://github.com/webmproject/webmdshow/tree/main needs to be updated
Tags	No tags attached.

Fixed in build	2818

michal 2023-10-02 07:36 developer ~0072964	We also need to update libwebpdecoder library used for decoding WebP, as there was also found exploit in libwebp in last weeks.

michal 2023-10-02 18:53 developer ~0072967	Fixed in build 2818. Compiled with up to date libwebp and libvpx libraries.

peke 2023-10-13 21:11 developer ~0073101	Verified 2819