Updated 24 October 2023 (OS 11.09.110 available)

First published 5 October 2023

CVSS 3.1: 8.8 (High)



A vulnerability has been found in the Libvpx video library. This affects the following IGEL products:

  • IGEL OS 12
  • IGEL OS 11


A vulnerability rated high (CVE-2023-5217) has been found in the code for the VP8 video format in Libvpx. This library is used in the Chromium and Firefox web browsers. A remote attacker could potentially exploit heap corruption via a crafted HTML page. Google and Mozilla report that this vulnerability is being used in the wild.


  • OS 11: If feasible, use Firefox as your web browser and add the following custom command to System > Firmware Customization > Custom Commands > Base > Initialization in order to filter out media that could be used for an attack:


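# Path inferred from the firefox_preferences_bin path used in the wrapper below
FFPREFS=/services/fbrw/bin/firefox_preferences
# Keep the original program as firefox_preferences_bin
cp -v "$FFPREFS" "${FFPREFS}_bin"
# Replace it with a wrapper that runs the original, then appends the mitigation prefs
cat > "$FFPREFS" <<"EOF"
#!/bin/sh
/services/fbrw/bin/firefox_preferences_bin "$@"
echo 'user_pref("image.webp.enabled", false);
user_pref("media.ffvpx.enabled", false);
user_pref("media.ffvpx.mp3.enabled", false);
user_pref("media.ffvpx.opus.enabled", false);
user_pref("media.ffvpx.vorbis.enabled", false);
user_pref("media.ffvpx.wav.enabled", false);' >> ~user/.mozilla/firefox/browser0/user.js
EOF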
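
A check that the mitigation above is actually in effect, added here as an example and not part of the IGEL advisory: it reads a Firefox user.js and reports any of the six preferences that is missing or not set to false. The function names and the constructed demo file are assumptions; on the endpoint, the file to check is the ~user/.mozilla/firefox/browser0/user.js path from the custom command.

```shell
#!/bin/sh
# Added example (not IGEL code): audit a Firefox user.js for the six
# mitigation prefs listed in the advisory. Function names are assumptions.

REQUIRED_PREFS="image.webp.enabled media.ffvpx.enabled media.ffvpx.mp3.enabled
media.ffvpx.opus.enabled media.ffvpx.vorbis.enabled media.ffvpx.wav.enabled"

# pref_value FILE NAME: print the effective value of NAME. Firefox applies
# user.js top to bottom, so the last matching user_pref() line wins.
# Lines commented out with // do not match and are ignored.
pref_value() {
    awk -v want="$2" '
        /^[ \t]*user_pref\(/ {
            line = $0
            sub(/^[ \t]*user_pref\([ \t]*"/, "", line)
            name = line; sub(/".*/, "", name)
            if (name != want) next
            val = line
            sub(/^[^,]*,[ \t]*/, "", val)        # drop name and comma
            sub(/[ \t]*\)[ \t]*;.*$/, "", val)   # drop closing ");"
            last = val
        }
        END { if (last != "") print last }
    ' "$1"
}

# audit_userjs FILE: list required prefs that are unset or not false.
# Returns 0 if all six are false, 1 if any is not, 2 if FILE is unreadable.
audit_userjs() {
    file=$1; bad=0
    [ -r "$file" ] || { echo "unreadable: $file"; return 2; }
    for p in $REQUIRED_PREFS; do
        v=$(pref_value "$file" "$p")
        if [ "$v" != "false" ]; then
            echo "NOT MITIGATED: $p (${v:-unset})"
            bad=1
        fi
    done
    return "$bad"
}

# Demo on a constructed user.js: one pref is re-enabled by a later line.
demo=$(mktemp)
printf '%s\n' 'user_pref("image.webp.enabled", false);' \
    'user_pref("media.ffvpx.enabled", false);' \
    'user_pref("media.ffvpx.enabled", true);' > "$demo"
audit_userjs "$demo" || echo "audit exit status: $?"
rm -f "$demo"
```

Because the last matching line wins, a later entry that sets a preference back to true is reported even when the mitigation lines are also present in the file.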


Update Instructions

  • OS 12: IGEL is preparing an updated Chromium app for OS 12.
  • OS 11: Update to IGEL OS 11.09.110 or newer.