-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5928-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
May 28, 2025                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libvpx
CVE ID         : CVE-2025-5283
Debian Bug     : 1106689

It was discovered that a double-free in the encoder of libvpx, a
multimedia library for the VP8 and VP9 video codecs, may result in
denial of service and potentially the execution of arbitrary code.

For the stable distribution (bookworm), this problem has been fixed in
version 1.12.0-1+deb12u4.

We recommend that you upgrade your libvpx packages.

For the detailed security status of libvpx please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/libvpx

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmg3cvxfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0QxRA/8DYbjPnAk+skIK83XkeQU8TElsQor65smeK/7tRoSfxOPOQR7Gkko3ZSc
8f7a055g/ujfK8r9mGiUVUnfvutb5yuYlOZXvctUgQoVdCJRH4EaeURTak9P4tzL
25KCNv7cQpB5Ss0kx7WzQ3HwwHP/e3MFXJbYmmndutkUWrwfFOkP6yLr81OhIXH7
jjwLenG6m22uQAGERdliRUMDASNHvnHWJOjgpAWNNOcYWQK4GxByHhdk1jyFb3lR
ImLgPUC9ycYkCtIqb2eyARVIl+s+51lBcB0Yj0jL/a3S+dhKWm9WDo/lqjQTu+jC
0FAN1hGkN9HVqypySfXN2u4ztnjxYcR5DVMBzIvCXe+qDlEYcf7iWgA3uzNVu6De
vFtoF/4Co0sn4deS2F4gJGLadrzxoxQjB1LP8rgnwy9XmRuMxSqozeXZp8U6Zn5v
/udBB/5b4tZhrDz0loyEsSsp0XjRbU5ky/SXOCjyk7M/pRVTWi41xwZNP7597ju5
vEXSmh9f0KT3k+80z5gXFnTd9MDk3KN1VGoIPx91SnpYejBRL/64hG7LyZVr29TP
umRSF0nX3MwwM4WQIR/LRLias92S5wnqa28japo+WAYZ3j4fdZ1jatd7C9RFHvif
JI84wdVChM5UPbK/v2pnjDqIgAffJ38hni0G9paskQwaVd0rpMk=
=ZvdT
-----END PGP SIGNATURE-----