CVE-2025-5262

A double-free could have occurred in `vpx_codec_enc_init_multi` after a failed allocation when initializing the encoder for WebRTC. This could have caused memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 139 and Thunderbird < 128.11.

CVSS

No CVSS.

Configurations

No configuration.

History

20 Aug 2025, 14:40

Type Values Removed Values Added
Summary
  • (es) A double-free could have occurred in `vpx_codec_enc_init_multi` after an allocation failure when initializing the encoder for WebRTC. This could have caused memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird (versions before 139) and Thunderbird (versions before 128.11).

19 Aug 2025, 21:15

Type Values Removed Values Added
References
  • https://bugzilla.mozilla.org/show_bug.cgi?id=1962421
  • https://www.mozilla.org/security/advisories/mfsa2025-45/
  • https://www.mozilla.org/security/advisories/mfsa2025-46/
Summary
  • Removed: (en) Rejected reason: This CVE was accidentally assigned by Mozilla but should be assigned by another CNA. When the correct CVE is available, Mozilla's advisories will be updated to reflect that identifier.
  • Added: (en) A double-free could have occurred in `vpx_codec_enc_init_multi` after a failed allocation when initializing the encoder for WebRTC. This could have caused memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 139 and Thunderbird < 128.11.

27 May 2025, 18:15

Type Values Removed Values Added
CWE CWE-415
CVSS
  • Removed: v2 : unknown, v3 : 7.5
  • Added: v2 : unknown, v3 : unknown
References
  • https://bugzilla.mozilla.org/show_bug.cgi?id=1962421 (source: security@mozilla.org)
  • https://www.mozilla.org/security/advisories/mfsa2025-42/ (source: security@mozilla.org)
  • https://www.mozilla.org/security/advisories/mfsa2025-43/ (source: security@mozilla.org)
  • https://www.mozilla.org/security/advisories/mfsa2025-44/ (source: security@mozilla.org)
Summary
  • Removed: (en) A double-free could have occurred in `vpx_codec_enc_init_multi` after a failed allocation when initializing the encoder for WebRTC. This could have caused memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 139, Firefox ESR < 115.24, and Firefox ESR < 128.11.
  • Added: (en) Rejected reason: This CVE was accidentally assigned by Mozilla but should be assigned by another CNA. When the correct CVE is available, Mozilla's advisories will be updated to reflect that identifier.

27 May 2025, 16:15

Type Values Removed Values Added
CVSS
  • Removed: v2 : unknown, v3 : unknown
  • Added: v2 : unknown, v3 : 7.5
CWE CWE-415

27 May 2025, 13:15

Type Values Removed Values Added
New CVE

Information

Published : 2025-05-27 13:15

Updated : 2025-08-20 14:40


NVD link : CVE-2025-5262

Mitre link : CVE-2025-5262

CVE.ORG link : CVE-2025-5262



Products Affected

No product.

CWE

No CWE.