Bug#1106689: libvpx: double-free in vpx_codec_enc_init_multi

To: 1106689@bugs.debian.org
Subject: Bug#1106689: libvpx: double-free in vpx_codec_enc_init_multi
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Tue, 27 May 2025 23:12:00 +0200
Message-id: <[🔎] aDYqoBCYb2g9fGgq@eldamar.lan>
Reply-to: Salvatore Bonaccorso <carnil@debian.org>, 1106689@bugs.debian.org
In-reply-to: <[🔎] 174837916018.2946179.8529869495277177517.reportbug@eldamar.lan>
References: <[🔎] 174837916018.2946179.8529869495277177517.reportbug@eldamar.lan> <[🔎] 174837916018.2946179.8529869495277177517.reportbug@eldamar.lan>

On Tue, May 27, 2025 at 10:52:40PM +0200, Salvatore Bonaccorso wrote:
> Source: libvpx
> Version: 1.12.0-1
> Severity: grave
> Tags: security upstream
> Justification: user security hole
> X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org>
> Control: found -1 1.15.0-2
> 
> Hi
> 
> The recent MFSA's for firefox mention the following issue as critical:
> 
> | A double-free could have occurred in vpx_codec_enc_init_multi after a
> | failed allocation when initializing the encoder for WebRTC. This could
> | have caused memory corruption and a potentially exploitable crash.
> 
> Cf. https://www.mozilla.org/en-US/security/advisories/mfsa2025-44/
> 
> Fix is at:
> https://chromium.googlesource.com/webm/libvpx/+/1c758781c428c0e895645b95b8ff1512b6bdcecb

MR (for unstable) is at https://salsa.debian.org/multimedia-team/libvpx/-/merge_requests/5

Regards,
Salvatore

Reply to:

References:
- Bug#1106689: libvpx: double-free in vpx_codec_enc_init_multi
  - From: Salvatore Bonaccorso <carnil@debian.org>

Prev by Date: Bug#1106689: libvpx: double-free in vpx_codec_enc_init_multi
Next by Date: Bug#1106689: libvpx: diff for NMU version 1.15.0-2.1
Previous by thread: Processed: libvpx: double-free in vpx_codec_enc_init_multi
Next by thread: Bug#1106689: libvpx: diff for NMU version 1.15.0-2.1
Index(es):
- Date
- Thread