Lucene search

Veracode Vulnerability DatabaseVERACODE:45090

HistoryJan 19, 2024 - 10:58 a.m.

Heap Buffer Overflow

2024-01-1910:58:20

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

libaom.so

heap overflow

multi-threaded

frame resizing

vulnerability

input validation

crash

application

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.3 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

25.1%

JSON

libaom.so is vulnerable to Heap Overflow. The vulnerability is due to improper input validation during resizing of frames, while performing multi-threaded encode. The attacker can perform a heap overflow & crash the application by exploiting this vulnerability.

CPENameOperatorVersion
libaom.sole3.7.0
libaom.sole3.7.0

CPE	Name	Operator	Version
	libaom.so	le	3.7.0
	libaom.so	le	3.7.0

References

aomedia.googlesource.com/aom/+/28b4f284d10b982d9669a772b2b44059bf2e0cfd

aomedia.googlesource.com/aom/+/refs/tags/v3.7.1

bugs.chromium.org/p/aomedia/issues/detail?id=3491

bugzilla.suse.com/show_bug.cgi?id=1218429

crbug.com/aomedia/3491

lists.fedoraproject.org/archives/list/[email protected]/message/AYONA2XSNFMXLAW4IHLFI5UVV3QRNG5K/

lists.fedoraproject.org/archives/list/[email protected]/message/D6C2HN4T2S6GYNTAUXLH45LQZHK7QPHP/

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.3 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

25.1%

JSON

Related for VERACODE:45090