Bug 1217614 (CVE-2023-6350)

Summary: VUL-0: CVE-2023-6350: libavif,chromium,ungoogled-chromium,nodejs-electron: Out of bounds memory to alphaItemIndices
Product: [openSUSE] openSUSE Distribution Reporter: Andreas Stieger <Andreas.Stieger>
Component: SecurityAssignee: E-mail List <gnome-bugs>
Status: NEW --- QA Contact: E-mail List <qa-bugs>
Severity: Normal    
Priority: P3 - Medium CC: abergmann, asn, brunopitrus, gianluca.gabrielli, gmbr3, m.szczepaniak.000, security-team
Version: Leap 15.5   
Target Milestone: ---   
Hardware: Other   
OS: Other   
See Also: https://bugzilla.opensuse.org/show_bug.cgi?id=1217616
Whiteboard:
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Andreas Stieger 2023-11-28 20:34:55 UTC 
An out of bounds memory access was reported in libavif (and bundled in Chromium). CVE-2023-6350 was assigned to this issue.

Apparently: https://github.com/AOMediaCodec/libavif/commit/95e5ce8ae7a9bfa5ee6537a2e8253b7e2155a7cc

SUSE:SLE-15-SP4:Update/libavif has 0.9.3
Chromium builds with the bundled libavif and needs a fix.

References:
https://github.com/AOMediaCodec/libavif/pull/1764
https://crbug.com/1501766
https://chromereleases.googleblog.com/2023/11/stable-channel-update-for-desktop_28.html
https://github.com/AOMediaCodec/libavif/releases/tag/v1.0.2
Comment 1 Andreas Stieger 2023-11-28 20:50:04 UTC 
libavif bump: https://build.opensuse.org/request/show/1129665
Comment 2 Andreas Stieger 2023-11-29 07:24:05 UTC 
Submitted to Factory. SUSE:SLE-15-SP4:Update/libavif has 0.9.3, security team can you evaluate and find the SLE bugowner?
Comment 3 OBSbugzilla Bot 2023-11-29 08:15:05 UTC 
This is an autogenerated message for OBS integration:
This bug (1217614) was mentioned in
https://build.opensuse.org/request/show/1129722 Factory / chromium
https://build.opensuse.org/request/show/1129724 Backports:SLE-15-SP4+Backports:SLE-15-SP5 / chromium
Comment 6 OBSbugzilla Bot 2023-11-30 10:15:02 UTC 
This is an autogenerated message for OBS integration:
This bug (1217614) was mentioned in
https://build.opensuse.org/request/show/1129955 Factory / ungoogled-chromium
Comment 7 Marcus Meissner 2023-11-30 17:05:00 UTC 
openSUSE-SU-2023:0387-1: An update that fixes 6 vulnerabilities is now available.

Category: security (important)
Bug References: 1217614,1217615,1217616
CVE References: CVE-2023-6345,CVE-2023-6346,CVE-2023-6347,CVE-2023-6348,CVE-2023-6350,CVE-2023-6351
JIRA References: 
Sources used:
openSUSE Backports SLE-15-SP5 (src):    chromium-119.0.6045.199-bp155.2.61.1
openSUSE Backports SLE-15-SP4 (src):    chromium-119.0.6045.199-bp154.2.147.1