Issued:: 2025-06-16
Updated:: 2025-06-16

RHSA-2025:9127 - Security Advisory

Overview
Updated Packages

Synopsis

Important: libvpx security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for libvpx is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The libvpx packages provide the VP8 SDK, which allows the encoding and decoding of the VP8 video codec, commonly used with the WebM multimedia container file format.

Security Fix(es):

libvpx: Double-free in libvpx encoder (CVE-2025-5283)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Enterprise Linux Server - AUS 8.4 x86_64

Fixes

BZ - 2368749 - CVE-2025-5283 libvpx: Double-free in libvpx encoder

CVEs

CVE-2025-5283

References

https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server - AUS 8.4

SRPM
libvpx-1.7.0-10.el8_4.1.src.rpm	SHA-256: 4ecca0668537461ea6759123c43730d3dff12b51ec9175365724a1dfffffc00c
x86_64
libvpx-1.7.0-10.el8_4.1.i686.rpm	SHA-256: 5e4b76f748109ce9acec6f0b5f944e428027c4cf094aa2122fb854a2457b70cb
libvpx-1.7.0-10.el8_4.1.x86_64.rpm	SHA-256: a5f6c2474706fb8ede6461ed8c8580b2fca8093b4126bd18ce848f631d47e2ac
libvpx-debuginfo-1.7.0-10.el8_4.1.i686.rpm	SHA-256: 302f5c8b744c0367d1f492a94a0688e0285b83365b504e83b5895df3778df522
libvpx-debuginfo-1.7.0-10.el8_4.1.x86_64.rpm	SHA-256: 06e9edacc197372246515130577902c02a82fa9c1e31bfddd1a3afa035218d5e
libvpx-debugsource-1.7.0-10.el8_4.1.i686.rpm	SHA-256: 6ed818cc298b8f1df4e1f09e9d362d25133cbfb0624c927f41d9ebb208b8f133
libvpx-debugsource-1.7.0-10.el8_4.1.x86_64.rpm	SHA-256: ec1f313160053c33e640623a945b499ce5c7d7e955745f89ed3c4a76b76f7f0f
libvpx-utils-debuginfo-1.7.0-10.el8_4.1.i686.rpm	SHA-256: 60ffa5b3de8cfe43e46b7936562504af6c2cb72ed3c85b66a208c54aeabc051c
libvpx-utils-debuginfo-1.7.0-10.el8_4.1.x86_64.rpm	SHA-256: 2cebb13578cd8d367496b6d34d50773242c84b848dc07ea8c40bcff0c6577415

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation