{"id":"JLSEC-2026-374","details":"VP9 in libvpx before 1.13.1 mishandles widths, leading to a crash related to encoding.","modified":"2026-05-01T14:00:12.493978Z","published":"2026-05-01T13:54:10.329Z","upstream":["CVE-2023-44488"],"database_specific":{"sources":[{"imported":"2026-05-01T13:33:19.788Z","url":"https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2023-44488","html_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-44488","published":"2023-09-30T20:15:10.200Z","database_specific":{"status":"Modified"},"modified":"2024-11-21T08:25:59.403Z","id":"CVE-2023-44488"}],"license":"CC-BY-4.0"},"references":[{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2023/09/30/4"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2023/09/30/4"},{"type":"WEB","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2241806"},{"type":"WEB","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2241806"},{"type":"WEB","url":"https://github.com/webmproject/libvpx/commit/263682c9a29395055f3b3afe2d97be1828a6223f"},{"type":"WEB","url":"https://github.com/webmproject/libvpx/commit/263682c9a29395055f3b3afe2d97be1828a6223f"},{"type":"WEB","url":"https://github.com/webmproject/libvpx/commit/df9fd9d5b7325060b2b921558a1eb20ca7880937"},{"type":"WEB","url":"https://github.com/webmproject/libvpx/commit/df9fd9d5b7325060b2b921558a1eb20ca7880937"},{"type":"WEB","url":"https://github.com/webmproject/libvpx/compare/v1.13.0...v1.13.1"},{"type":"WEB","url":"https://github.com/webmproject/libvpx/compare/v1.13.0...v1.13.1"},{"type":"WEB","url":"https://github.com/webmproject/libvpx/releases/tag/v1.13.1"},{"type":"WEB","url":"https://github.com/webmproject/libvpx/releases/tag/v1.13.1"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2023/10/msg00001.html"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2023/10/msg00001.html"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TE7F54W5O5RS4ZMAAC7YK3CZWQXIDSKB/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TE7F54W5O5RS4ZMAAC7YK3CZWQXIDSKB/"},{"type":"WEB","url":"https://security.gentoo.org/glsa/202310-04"},{"type":"WEB","url":"https://security.gentoo.org/glsa/202310-04"},{"type":"WEB","url":"https://www.debian.org/security/2023/dsa-5518"},{"type":"WEB","url":"https://www.debian.org/security/2023/dsa-5518"}],"affected":[{"package":{"name":"LibVPX_jll","ecosystem":"Julia","purl":"pkg:julia/LibVPX_jll?uuid=dd192d2f-8180-539f-9fb4-cc70b1dcf69a"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"1.15.2+0"}]}],"database_specific":{"source":"https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2026/JLSEC-2026-374.json"}}],"schema_version":"1.7.5"}