CVE-2026-2447

HIGH

libvpx - Buffer Overflow

Title source: llm

Description

Heap buffer overflow in libvpx. This vulnerability affects Firefox < 147.0.4, Firefox ESR < 140.7.1, Firefox ESR < 115.32.1, Thunderbird < 140.7.2, and Thunderbird < 147.0.2.

References (4)

Scores

CVSS v3 8.8
EPSS 0.0004
EPSS Percentile 12.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Classification

CWE
CWE-122
Status published

Affected Products (3)

mozilla/firefox < 115.32.1
mozilla/firefox < 147.0.4
mozilla/thunderbird < 140.7.2

Timeline

Published Feb 16, 2026
Tracked Since Feb 18, 2026