CVE-2026-2447
Heap buffer overflow in libvpx
Description
Heap buffer overflow in libvpx. This vulnerability was fixed in Firefox 147.0.4, Firefox ESR 140.7.1, Firefox ESR 115.32.1, Thunderbird 140.7.2, and Thunderbird 147.0.2.
INFO
Published Date :
Feb. 16, 2026, 3:18 p.m.
Last Modified :
June 30, 2026, 3:18 a.m.
Remotely Exploit :
Yes !
Source :
[email protected]
Affected Products
The following products are affected by CVE-2026-2447
vulnerability.
Even if cvefeed.io is aware of the exact versions of the
products
that
are
affected, the information is not represented in the table below.
CVSS Scores
| Score | Version | Severity | Vector | Exploitability Score | Impact Score | Source |
|---|---|---|---|---|---|---|
| CVSS | 134c704f-9b21-4f2e-91b3-4a467353bcc0 | |||||
| CVSS 3.1 | HIGH | 134c704f-9b21-4f2e-91b3-4a467353bcc0 | ||||
| CVSS 3.1 | HIGH | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c |
Solution
- Update Firefox to version 147.0.4 or later.
- Update Firefox ESR to version 140.7.1 or later.
- Update Firefox ESR to version 115.32.1 or later.
Public PoC/Exploit Available at Github
CVE-2026-2447 has a 2 public
PoC/Exploit available at Github.
Go to the Public Exploits tab to see the list.
References to Advisories, Solutions, and Tools
Here, you will find a curated list of external links that provide in-depth
information, practical solutions, and valuable tools related to
CVE-2026-2447.
CWE - Common Weakness Enumeration
While CVE identifies
specific instances of vulnerabilities, CWE categorizes the common flaws or
weaknesses that can lead to vulnerabilities. CVE-2026-2447 is
associated with the following CWEs:
Common Attack Pattern Enumeration and Classification (CAPEC)
Common Attack Pattern Enumeration and Classification
(CAPEC)
stores attack patterns, which are descriptions of the common attributes and
approaches employed by adversaries to exploit the CVE-2026-2447
weaknesses.
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
Publish Site
HTML CSS JavaScript
None
Shell Python
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2026-2447 vulnerability anywhere in the article.
-
The Cyber Express
Discord Launches End-to-End Encryption for Voice and Video Calls
Discord has officially rolled out end-to-end encryption for all voice and video calls across its platform, marking a major shift in how the company approaches user privacy and secure communications. T ... Read more
-
The Cyber Express
Critical Security Flaws Discovered in Four VS Code Extensions Affecting Millions
Researchers have uncovered vulnerabilities in four widely used VS Code extensions, collectively installed more than 125 million times, raising renewed concerns about the security of the modern softwar ... Read more
-
The Cyber Express
Mozilla Firefox Issues Emergency Patch for Heap Buffer Overflow in Firefox v147
Mozilla has released an out-of-band security update to address a critical vulnerability affecting its browser. The update, issued as Firefox v147.0.4, resolves a high-impact Heap buffer overflow flaw ... Read more
-
CybersecurityNews
Firefox v147.0.3 Released With Fix for Heap Buffer Overflow Vulnerability
Firefox v147.0.3 Released Mozilla has released Firefox version 147.0.3, addressing a critical memory-related flaw that could allow attackers to execute arbitrary code by exploiting a heap buffer overf ... Read more
The following table lists the changes that have been made to the
CVE-2026-2447 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
-
CVE Modified by 0b0ca135-0b70-47e7-9f44-1890c2a1c46c
Jun. 30, 2026
Action Type Old Value New Value Added Affected [{'cpes': ['cpe:/o:redhat:rhel_els:7'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux Server (v. 7 ELS)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/o:redhat:rhel_els:7'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux Server Optional (v. 7 ELS)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/o:redhat:enterprise_linux_eus:10.0'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux AppStream EUS (v. 10.0)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/o:redhat:enterprise_linux:10.1'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux AppStream (v. 10)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:enterprise_linux:8::appstream'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux AppStream (v. 8)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:rhel_aus:8.2::appstream'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux AppStream AUS (v. 8.2)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:rhel_aus:8.4::appstream'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux AppStream AUS (v.8.4)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:rhel_eus_long_life:8.4::appstream'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:rhel_aus:8.6::appstream'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux AppStream AUS (v.8.6)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:rhel_e4s:8.6::appstream'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux AppStream E4S (v.8.6)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:rhel_tus:8.6::appstream'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux AppStream TUS (v.8.6)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:rhel_e4s:8.8::appstream'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux AppStream E4S (v.8.8)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:rhel_tus:8.8::appstream'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux AppStream TUS (v.8.8)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:rhel_e4s:9.0::appstream'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux AppStream E4S (v.9.0)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:rhel_e4s:9.2::appstream'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux AppStream E4S (v.9.2)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:rhel_eus:9.4::appstream'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux AppStream EUS (v.9.4)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:rhel_eus:9.6::appstream'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux AppStream EUS (v.9.6)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:enterprise_linux:9::appstream'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux AppStream (v. 9)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/o:redhat:enterprise_linux_eus:10.0'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/o:redhat:enterprise_linux:10.1'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:enterprise_linux:8::crb'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux CRB (v. 8)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:rhel_eus:9.4::crb'], 'vendor': 'Red Hat', 'product': 'Red Hat CodeReady Linux Builder EUS (v.9.4)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:rhel_eus:9.6::crb'], 'vendor': 'Red Hat', 'product': 'Red Hat CodeReady Linux Builder EUS (v.9.6)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:enterprise_linux:9::crb'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:ai_inference_server:3.3::el9'], 'vendor': 'Red Hat', 'product': 'Red Hat AI Inference Server 3.3', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/o:redhat:enterprise_linux:10'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux 10', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/o:redhat:enterprise_linux:6'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux 6', 'defaultStatus': 'affected'}] Added CVSS V3.1 AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Added Reference https://access.redhat.com/errata/RHSA-2026:16174 Added Reference https://access.redhat.com/errata/RHSA-2026:3338 Added Reference https://access.redhat.com/errata/RHSA-2026:3339 Added Reference https://access.redhat.com/errata/RHSA-2026:3361 Added Reference https://access.redhat.com/errata/RHSA-2026:3491 Added Reference https://access.redhat.com/errata/RHSA-2026:3492 Added Reference https://access.redhat.com/errata/RHSA-2026:3493 Added Reference https://access.redhat.com/errata/RHSA-2026:3494 Added Reference https://access.redhat.com/errata/RHSA-2026:3495 Added Reference https://access.redhat.com/errata/RHSA-2026:3496 Added Reference https://access.redhat.com/errata/RHSA-2026:3497 Added Reference https://access.redhat.com/errata/RHSA-2026:3515 Added Reference https://access.redhat.com/errata/RHSA-2026:3516 Added Reference https://access.redhat.com/errata/RHSA-2026:3517 Added Reference https://access.redhat.com/errata/RHSA-2026:3967 Added Reference https://access.redhat.com/errata/RHSA-2026:3976 Added Reference https://access.redhat.com/errata/RHSA-2026:3978 Added Reference https://access.redhat.com/errata/RHSA-2026:3979 Added Reference https://access.redhat.com/errata/RHSA-2026:3980 Added Reference https://access.redhat.com/errata/RHSA-2026:3981 Added Reference https://access.redhat.com/errata/RHSA-2026:3982 Added Reference https://access.redhat.com/errata/RHSA-2026:3983 Added Reference https://access.redhat.com/errata/RHSA-2026:3984 Added Reference https://access.redhat.com/errata/RHSA-2026:4022 Added Reference https://access.redhat.com/errata/RHSA-2026:4152 Added Reference https://access.redhat.com/errata/RHSA-2026:4260 Added Reference https://access.redhat.com/errata/RHSA-2026:4432 Added Reference https://access.redhat.com/errata/RHSA-2026:4447 Added Reference https://access.redhat.com/errata/RHSA-2026:4629 Added Reference https://access.redhat.com/errata/RHSA-2026:5227 Added Reference https://access.redhat.com/errata/RHSA-2026:5228 Added Reference https://access.redhat.com/errata/RHSA-2026:5229 Added Reference https://access.redhat.com/errata/RHSA-2026:5230 Added Reference https://access.redhat.com/errata/RHSA-2026:5231 Added Reference https://access.redhat.com/errata/RHSA-2026:5319 Added Reference https://access.redhat.com/errata/RHSA-2026:5320 Added Reference https://access.redhat.com/errata/RHSA-2026:5323 Added Reference https://access.redhat.com/errata/RHSA-2026:5324 Added Reference https://access.redhat.com/errata/RHSA-2026:5326 Added Reference https://access.redhat.com/errata/RHSA-2026:8746 Added Reference https://access.redhat.com/errata/RHSA-2026:8747 Added Reference https://access.redhat.com/errata/RHSA-2026:8748 Added Reference https://access.redhat.com/security/cve/CVE-2026-2447 Added Reference https://bugzilla.redhat.com/show_bug.cgi?id=2440219 Added Reference https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-2447.json -
CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0
Jun. 17, 2026
Action Type Old Value New Value Added SSVC {'id': 'CVE-2026-2447', 'role': 'CISA Coordinator', 'options': [{'exploitation': 'none'}, {'automatable': 'no'}, {'technicalImpact': 'total'}], 'version': '2.0.3', 'timestamp': '2026-02-17T14:52:59.556198Z'} -
CVE Modified by [email protected]
Jun. 17, 2026
Action Type Old Value New Value Added Affected [{'vendor': 'Mozilla', 'product': 'Firefox', 'versions': [{'status': 'unaffected', 'version': '115.32.1', 'versionType': 'rpm', 'lessThanOrEqual': '115.*'}, {'status': 'unaffected', 'version': '140.7.1', 'versionType': 'rpm', 'lessThanOrEqual': '140.*'}, {'status': 'unaffected', 'version': '147.0.4', 'versionType': 'rpm', 'lessThanOrEqual': '*'}]}, {'vendor': 'Mozilla', 'product': 'Thunderbird', 'versions': [{'status': 'unaffected', 'version': '140.7.2', 'versionType': 'rpm', 'lessThanOrEqual': '140.*'}, {'status': 'unaffected', 'version': '147.0.2', 'versionType': 'rpm', 'lessThanOrEqual': '*'}]}] -
CVE Modified by [email protected]
Apr. 13, 2026
Action Type Old Value New Value Changed Description Heap buffer overflow in libvpx. This vulnerability affects Firefox < 147.0.4, Firefox ESR < 140.7.1, Firefox ESR < 115.32.1, Thunderbird < 140.7.2, and Thunderbird < 147.0.2. Heap buffer overflow in libvpx. This vulnerability was fixed in Firefox 147.0.4, Firefox ESR 140.7.1, Firefox ESR 115.32.1, Thunderbird 140.7.2, and Thunderbird 147.0.2. -
CVE Modified by af854a3a-2127-422b-91ae-364da2661108
Feb. 22, 2026
Action Type Old Value New Value Added Reference https://lists.debian.org/debian-lts-announce/2026/02/msg00028.html -
Initial Analysis by [email protected]
Feb. 18, 2026
Action Type Old Value New Value Added CPE Configuration OR *cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:* versions up to (excluding) 147.0.4 *cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:* versions up to (excluding) 140.7.2 *cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:* versions from (including) 141.0 up to (excluding) 147.0.2 *cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:* versions up to (excluding) 115.32.1 *cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:* versions from (including) 116.0 up to (excluding) 140.7.1 Added Reference Type Mozilla Corporation: https://bugzilla.mozilla.org/show_bug.cgi?id=2014390 Types: Issue Tracking, Permissions Required Added Reference Type Mozilla Corporation: https://www.mozilla.org/security/advisories/mfsa2026-10/ Types: Vendor Advisory Added Reference Type Mozilla Corporation: https://www.mozilla.org/security/advisories/mfsa2026-11/ Types: Vendor Advisory -
CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0
Feb. 17, 2026
Action Type Old Value New Value Added CVSS V3.1 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Added CWE CWE-122 -
CVE Modified by [email protected]
Feb. 16, 2026
Action Type Old Value New Value Changed Description Heap buffer overflow in libvpx. This vulnerability affects Firefox < 147.0.4, Firefox ESR < 140.7.1, and Firefox ESR < 115.32.1. Heap buffer overflow in libvpx. This vulnerability affects Firefox < 147.0.4, Firefox ESR < 140.7.1, Firefox ESR < 115.32.1, Thunderbird < 140.7.2, and Thunderbird < 147.0.2. Added Reference https://www.mozilla.org/security/advisories/mfsa2026-11/ -
New CVE Received by [email protected]
Feb. 16, 2026
Action Type Old Value New Value Added Description Heap buffer overflow in libvpx. This vulnerability affects Firefox < 147.0.4, Firefox ESR < 140.7.1, and Firefox ESR < 115.32.1. Added Reference https://bugzilla.mozilla.org/show_bug.cgi?id=2014390 Added Reference https://www.mozilla.org/security/advisories/mfsa2026-10/