Search Issue Tracker
Fixed
Fixed in 2022.3.22f1, 2023.2.15f1, 2023.3.0b10
Votes
0
Found in
2022.3.12f1
2023.2.1f1
2023.3.0b1
Issue ID
UUM-59306
Regression
No
libvpx 1.13.1 upgrade to address vulnerabilities
How to reproduce:
Please can an upgrade to version 1.13.1 be assessed, to address the following CVEs:
1. [https://nvd.nist.gov/vuln/detail/CVE-2023-5217|https://nvd.nist.gov/vuln/detail/CVE-2023-5217] - Severity 8.8
2. [https://nvd.nist.gov/vuln/detail/CVE-2023-44488|https://nvd.nist.gov/vuln/detail/CVE-2023-44488] - Severity 7.5
From the reports, these vulnerabilities are present in libvpx prior to version 1.13.1.
Expected result: No vulnerabilities exist
Actual result: Vulnerabilities exist
Reproduced with: 2022.3.12f1
Reproduced on: macOS 14.1.1 (Intel) (by reporter)
Not reproduced on: No other environment tested
All about bugs
View bugs we have successfully reproduced, and vote for the bugs you want to see fixed most urgently.
Latest issues
- [WebGL]"TypeError: Cannot read properties of undefined (reading 'length')" error is thrown when starting the Player when config.autoSyncPersistentDataPath is set to true
- [UaaL] Freeze on "GetLightingSettingsOrDefaultsFallback()" when rotating device screen after unloading Unity framework
- A white vertical artifact is present when any Material from HDRI is used for a panoramic skybox
- Editor freezes when handling Havok collision interactions between a thin collider and the player controller
- No blue outline is shown on a folder in the Project tab when an external file is being dragged over the folder
Add comment