INFSA-2025:9120: libvpx security update

Information about definition

Identificator: INFSA-2025:9120

Type: security

Release date: 2025-07-15 19:34:31 UTC

Information about package

The libvpx packages provide the VP8 SDK, which allows the encoding and decoding of the VP8 video codec, commonly used with the WebM multimedia container file format.

Vulnerabilities description

  • CVE-2025-5283

    Use after free in libvpx in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Severity level

CVE Score CVSS 2.0 Score CVSS 3.x Score CVSS 4.0
Critical, important, moderate, low

Updated packages