NVD - CVE-2025-5262

DRANK

DescriptionA double-free could have occurred in `vpx_codec_enc_init_multi` after a failed allocation when initializing the encoder for WebRTC. This could have caused memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 139 and Thunderbird < 128.11.Metrics NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.CVSS 4.0 Severity and Vector Strings:CVSS 3.x Severity and Vector Strings:CVSS 2.0 Severity and Vector Strings:Weakness EnumerationCWE-IDCWE NameSourceCWE-415Double FreeCISA-ADP  Change History8 change records found show changesInitial Analysis by NIST 9/19/2025 1:18:14 PMActionTypeOld ValueNew ValueAddedCPE ConfigurationOR *cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:* versions up to (excluding) 139.0 *cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:* versions up to (excluding) 128.11.0AddedReference TypeMozilla Cor…