UBUNTU-CVE-2024-5171
- Source
- https://ubuntu.com/security/CVE-2024-5171
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-5171.json
- JSON Data
- https://api.osv.dev/v1/vulns/UBUNTU-CVE-2024-5171
- Related
- Published
- 2024-06-04T00:00:00Z
- Modified
- 2025-01-13T10:24:48Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
Integer overflow in libaom internal function imgallochelper can lead to heap buffer overflow. This function can be reached via 3 callers: * Calling aomimgalloc() with a large value of the dw, dh, or align parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned aomimaget struct may be invalid. * Calling aomimgwrap() with a large value of the dw, dh, or align parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned aomimaget struct may be invalid. * Calling aomimgallocwithborder() with a large value of the dw, dh, align, sizealign, or border parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned aomimage_t struct may be invalid.
- References
Affected packages
Ubuntu:20.04:LTS / aom
Package
- Name
- aom
- Purl
- pkg:deb/ubuntu/aom@1.0.0.errata1-3+deb11u1build0.20.04.1?arch=source&distro=focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ubuntu:22.04:LTS / aom
Package
- Name
- aom
- Purl
- pkg:deb/ubuntu/aom@3.3.0-1?arch=source&distro=jammy
Ubuntu:24.10 / aom
Package
- Name
- aom
- Purl
- pkg:deb/ubuntu/aom@3.8.2-2ubuntu1?arch=source&distro=oracular
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.8.2-2ubuntu1
Ecosystem specific
{
"availability": "No subscription required",
"ubuntu_priority": "medium",
"binaries": [
{
"binary_version": "3.8.2-2ubuntu1",
"binary_name": "aom-tools"
},
{
"binary_version": "3.8.2-2ubuntu1",
"binary_name": "aom-tools-dbgsym"
},
{
"binary_version": "3.8.2-2ubuntu1",
"binary_name": "libaom-dev"
},
{
"binary_version": "3.8.2-2ubuntu1",
"binary_name": "libaom-doc"
},
{
"binary_version": "3.8.2-2ubuntu1",
"binary_name": "libaom3"
},
{
"binary_version": "3.8.2-2ubuntu1",
"binary_name": "libaom3-dbgsym"
}
]
}
Ubuntu:24.04:LTS / aom
Package
- Name
- aom
- Purl
- pkg:deb/ubuntu/aom@3.8.2-2ubuntu0.1?arch=source&distro=noble
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.8.2-2ubuntu0.1
Ecosystem specific
{
"availability": "No subscription required",
"ubuntu_priority": "medium",
"binaries": [
{
"binary_version": "3.8.2-2ubuntu0.1",
"binary_name": "aom-tools"
},
{
"binary_version": "3.8.2-2ubuntu0.1",
"binary_name": "aom-tools-dbgsym"
},
{
"binary_version": "3.8.2-2ubuntu0.1",
"binary_name": "libaom-dev"
},
{
"binary_version": "3.8.2-2ubuntu0.1",
"binary_name": "libaom-doc"
},
{
"binary_version": "3.8.2-2ubuntu0.1",
"binary_name": "libaom3"
},
{
"binary_version": "3.8.2-2ubuntu0.1",
"binary_name": "libaom3-dbgsym"
}
]
}