Lucene search

K
ubuntucveUbuntu.comUB:CVE-2024-5197
HistoryJun 03, 2024 - 12:00 a.m.

CVE-2024-5197

2024-06-0300:00:00
ubuntu.com
ubuntu.com
7
integer overflow
libvpx
buffer sizes

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS4

10

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/SC:H/VI:H/SI:H/VA:H/SA:H

AI Score

8.7

Confidence

High

EPSS

0.001

Percentile

26.1%

There exists interger overflows in libvpx in versions prior to 1.14.1.
Calling vpx_img_alloc() with a large value of the d_w, d_h, or align
parameter may result in integer overflows in the calculations of buffer
sizes and offsets and some fields of the returned vpx_image_t struct may be
invalid. Calling vpx_img_wrap() with a large value of the d_w, d_h, or
stride_align parameter may result in integer overflows in the calculations
of buffer sizes and offsets and some fields of the returned vpx_image_t
struct may be invalid. We recommend upgrading to version 1.14.1 or beyond

Bugs

Notes

Author Note
mdeslaur This also affects the aom package with CVE-2024-5171
OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchlibvpx< anyUNKNOWN
ubuntu20.04noarchlibvpx< 1.8.2-1ubuntu0.3UNKNOWN
ubuntu22.04noarchlibvpx< 1.11.0-2ubuntu2.3UNKNOWN
ubuntu23.10noarchlibvpx< 1.12.0-1ubuntu2.1UNKNOWN
ubuntu24.04noarchlibvpx< 1.14.0-1ubuntu2.1UNKNOWN
ubuntu14.04noarchlibvpx< anyUNKNOWN
ubuntu16.04noarchlibvpx< anyUNKNOWN

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS4

10

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/SC:H/VI:H/SI:H/VA:H/SA:H

AI Score

8.7

Confidence

High

EPSS

0.001

Percentile

26.1%