CRITICAL🇵🇱 Wersja polska

CVE-2024-5171

CVSS 10.0v4.0pub. 2024-06-05upd. 2024-11-21

Integer overflow in libaom internal function img_alloc_helper can lead to heap buffer overflow. This function can be reached via 3 callers: * Calling aom_img_alloc() with a large value of the d_w, d_h, or align parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned aom_image_t struct may be invalid. * Calling aom_img_wrap() with a large value of the d_w, d_h, or align parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned aom_image_t struct may be invalid. * Calling aom_img_alloc_with_border() with a large value of the d_w, d_h, align, size_align, or border parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned aom_image_t struct may be invalid.

🤖 AI Analysis
How it works

The vulnerability is triggered by calling one of three public library functions: aom_img_alloc(), aom_img_wrap(), or aom_img_alloc_with_border() with excessively large parameter values such as d_w, d_h, align, size_align, or border. Passing such values causes an integer overflow during buffer size calculations and offset computations, and some fields of the returned aom_image_t structure receive incorrect values. As a result, a write occurs beyond the boundaries of the allocated heap buffer (heap buffer overflow).

Impact

An attacker can achieve arbitrary code execution (RCE) or destabilize an application using the libaom library, potentially taking control of the victim's system. Due to the lack of authentication and user interaction requirements, the vulnerability is particularly dangerous in applications processing external video files or AV1 streaming data.

Mitigation & patch

Patches available from the vendor should be applied according to the references. Users of Fedora and Debian distributions should immediately update the libaom package to the version provided by distribution maintainers (details in fedora-package-announce and debian-lts-announce lists).

Who is affected

Aomedia libaom library — versions indicated in vendor references and distribution packages for Fedora and Debian (according to published security announcements).

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Aomedia Libaom

    APP
    Aomedia
    1.0.0 – 3.9.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Memory
CWE
References

Related vulnerabilities

CVE-2023-6879CRITICAL9.0PL ✓ten sam vendor

Heap overflow w bibliotece AOM podczas zmiany rozdzielczości w wielowątkowym encode

CVE-2021-30475CRITICAL9.8ten sam vendor

aom_dsp/noise_model.c in libaom in AOMedia before 2021-03-24 has a buffer overflow.

CVE-2021-30474CRITICAL9.8ten sam vendor

aom_dsp/grain_table.c in libaom in AOMedia before 2021-03-30 has a use-after-free.

CVE-2021-30473CRITICAL9.8ten sam vendor

aom_image.c in libaom in AOMedia before 2021-04-07 frees memory that is not located on the heap.

CVE-2023-39616HIGH7.5ten sam vendor

AOMedia v3.0.0 to v3.5.0 was discovered to contain an invalid read memory access via the component assign_fram...