Lucene search

K
ubuntucveUbuntu.comUB:CVE-2024-5171
HistoryJun 04, 2024 - 12:00 a.m.

CVE-2024-5171

2024-06-0400:00:00
ubuntu.com
ubuntu.com
17
vulnerability
cve-2024-5171
security
unix

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS4

10

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/SC:H/VI:H/SI:H/VA:H/SA:H

AI Score

8.9

Confidence

High

EPSS

0.001

Percentile

26.1%

Integer overflow in libaom internal function img_alloc_helper can lead to
heap buffer overflow. This function can be reached via 3 callers: * Calling
aom_img_alloc() with a large value of the d_w, d_h, or align parameter may
result in integer overflows in the calculations of buffer sizes and offsets
and some fields of the returned aom_image_t struct may be invalid. *
Calling aom_img_wrap() with a large value of the d_w, d_h, or align
parameter may result in integer overflows in the calculations of buffer
sizes and offsets and some fields of the returned aom_image_t struct may be
invalid. * Calling aom_img_alloc_with_border() with a large value of the
d_w, d_h, align, size_align, or border parameter may result in integer
overflows in the calculations of buffer sizes and offsets and some fields
of the returned aom_image_t struct may be invalid.

Bugs

Notes

Author Note
mdeslaur per the google bug, also appears to affect libvpx which is CVE-2024-5197
OSVersionArchitecturePackageVersionFilename
ubuntu20.04noarchaom< anyUNKNOWN
ubuntu22.04noarchaom< anyUNKNOWN
ubuntu24.04noarchaom< 3.8.2-2ubuntu0.1UNKNOWN

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS4

10

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/SC:H/VI:H/SI:H/VA:H/SA:H

AI Score

8.9

Confidence

High

EPSS

0.001

Percentile

26.1%