Bug 2368931

Summary: CVE-2025-5262 libvpx: Double-free in libvpx encoder [fedora-all]
Product: [Fedora] Fedora Reporter: Mauro Matteo Cascella <mcascell>
Component: libvpxAssignee: Wim Taymans <wtaymans>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: urgent Docs Contact:
Priority: urgent    
Version: 42CC: spotrh, wtaymans
Target Milestone: ---Keywords: Security, SecurityTracking
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard: {"flaws": ["7f550eea-42a6-4499-b630-8467c0d74dff"]}
Fixed In Version: libvpx-1.15.0-3.fc43 libvpx-1.15.0-3.fc42 libvpx-1.15.0-3.fc41 Doc Type: ---
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2025-06-03 16:11:00 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 2368749    

Description Mauro Matteo Cascella 2025-05-28 10:02:45 UTC 
More information about this security flaw is available in the following bug:

https://bugzilla.redhat.com/show_bug.cgi?id=2368749

Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
Comment 1 Fedora Update System 2025-06-03 14:48:46 UTC 
FEDORA-2025-8d38482143 (libvpx-1.15.0-3.fc43) has been submitted as an update to Fedora 43.
https://bodhi.fedoraproject.org/updates/FEDORA-2025-8d38482143
Comment 2 Fedora Update System 2025-06-03 15:07:08 UTC 
FEDORA-2025-15220f1411 (libvpx-1.15.0-3.fc41) has been submitted as an update to Fedora 41.
https://bodhi.fedoraproject.org/updates/FEDORA-2025-15220f1411
Comment 3 Fedora Update System 2025-06-03 15:07:36 UTC 
FEDORA-2025-f5bf0fb721 (libvpx-1.15.0-3.fc42) has been submitted as an update to Fedora 42.
https://bodhi.fedoraproject.org/updates/FEDORA-2025-f5bf0fb721
Comment 4 Fedora Update System 2025-06-03 16:11:00 UTC 
FEDORA-2025-8d38482143 (libvpx-1.15.0-3.fc43) has been pushed to the Fedora 43 stable repository.
If problem still persists, please make note of it in this bug report.
Comment 5 Fedora Update System 2025-06-04 04:30:13 UTC 
FEDORA-2025-f5bf0fb721 has been pushed to the Fedora 42 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2025-f5bf0fb721`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2025-f5bf0fb721

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
Comment 6 Fedora Update System 2025-06-04 05:04:28 UTC 
FEDORA-2025-15220f1411 has been pushed to the Fedora 41 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2025-15220f1411`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2025-15220f1411

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
Comment 7 Fedora Update System 2025-06-06 01:44:17 UTC 
FEDORA-2025-f5bf0fb721 (libvpx-1.15.0-3.fc42) has been pushed to the Fedora 42 stable repository.
If problem still persists, please make note of it in this bug report.
Comment 8 Fedora Update System 2025-06-08 02:31:45 UTC 
FEDORA-2025-15220f1411 (libvpx-1.15.0-3.fc41) has been pushed to the Fedora 41 stable repository.
If problem still persists, please make note of it in this bug report.