Describe the bug
Our security team has identified a critical vulnerability in the version of libvpx used in the iOS Chime SDK:
Vulnerability: CVE-2023-44488
Issue: VP9 in libvpx before version 1.13.1 mishandles widths, leading to a crash related to encoding.
Current Version Used (in SDK): 1.12.0
Recommended Version: 1.13.1 or higher
This vulnerability increases the risk of crashes in applications using the affected SDK version.
Could you confirm the version of libvpx currently integrated into the iOS Chime SDK? If version 1.12.0 is still in use, we request an update to version 1.13.1 or higher to address this security issue.
We would appreciate a timeline for when this update might be available or any additional guidance your team can provide.
Describe the bug Our security team has identified a critical vulnerability in the version of libvpx used in the iOS Chime SDK:
Vulnerability: CVE-2023-44488 Issue: VP9 in libvpx before version 1.13.1 mishandles widths, leading to a crash related to encoding. Current Version Used (in SDK): 1.12.0 Recommended Version: 1.13.1 or higher This vulnerability increases the risk of crashes in applications using the affected SDK version.
Could you confirm the version of libvpx currently integrated into the iOS Chime SDK? If version 1.12.0 is still in use, we request an update to version 1.13.1 or higher to address this security issue.
We would appreciate a timeline for when this update might be available or any additional guidance your team can provide.