MGASA-2024-0220

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2024-0220.html

Import Source

https://advisories.mageia.org/MGASA-2024-0220.json

JSON Data

https://api.test.osv.dev/v1/vulns/MGASA-2024-0220

Related

CVE-2024-5171

Published

2024-06-14T17:30:25Z

Modified

2024-06-14T17:03:52Z

Summary

Updated aom packages fix security vulnerability

Details

Integer overflow in libaom internal function imgallochelper can lead to heap buffer overflow. This function can be reached via 3 callers: * Calling aomimgalloc() with a large value of the dw, dh, or align parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned aomimaget struct may be invalid. * Calling aomimgwrap() with a large value of the dw, dh, or align parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned aomimaget struct may be invalid. * Calling aomimgallocwithborder() with a large value of the dw, dh, align, sizealign, or border parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned aomimage_t struct may be invalid. (CVE-2024-5171)

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:9 / aom

Package

Name: aom
Purl: pkg:rpm/mageia/aom?distro=mageia-9

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.6.0-1.1.mga9

Ecosystem specific

{
    "section": "core"
}