CVE-2026-2447

Description

Heap buffer overflow in libvpx. This vulnerability was fixed in Firefox 147.0.4, Firefox ESR 140.7.1, Firefox ESR 115.32.1, Thunderbird 140.7.2, and Thunderbird 147.0.2.

Affected packages (5)

• Debian/firefox-esrfrom 0, < 140.8.0esr-1
• Debian/libvpxfrom 0, < 1.9.0-1+deb11u5
• Debian/libvpxfrom 0, < 1.9.0-1+deb11u5
• Debian/libvpxfrom 0, < 1.12.0-1+deb12u5
• Debian/thunderbirdfrom 0, < 1:140.8.0esr-1

CVSS scores

References (1)

• ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2026-2447