Skip to content
libvdpau versions 1.1 and earlier, when used in setuid or setgid applications,
contain vulnerabilities related to environment variable handling that could
allow an attacker to execute arbitrary code or overwrite arbitrary files.  See
CVE-2015-5198, CVE-2015-5199, and CVE-2015-5200 for more details.

This release uses the secure_getenv() function, when available, to fix these
problems. On platforms where secure_getenv() is not available, libvdpau will use
a fallback implementation.

If you use the NVIDIA .run installer packages, please see for additional information.

This release also adds tracing of HEVC picture structures to libvdpau_trace.