Bugzilla – Bug 1217614
VUL-0: CVE-2023-6350: libavif,chromium,ungoogled-chromium,nodejs-electron: Out of bounds memory to alphaItemIndices
Last modified: 2023-12-11 13:00:13 UTC
An out of bounds memory access was reported in libavif (and bundled in Chromium). CVE-2023-6350 was assigned to this issue.
Apparently: https://github.com/AOMediaCodec/libavif/commit/95e5ce8ae7a9bfa5ee6537a2e8253b7e2155a7cc
SUSE:SLE-15-SP4:Update/libavif has 0.9.3.
Chromium builds with the bundled libavif and needs a fix.
References:
  https://github.com/AOMediaCodec/libavif/pull/1764
  https://crbug.com/1501766
  https://chromereleases.googleblog.com/2023/11/stable-channel-update-for-desktop_28.html
  https://github.com/AOMediaCodec/libavif/releases/tag/v1.0.2
libavif bump: https://build.opensuse.org/request/show/1129665
Submitted to Factory. SUSE:SLE-15-SP4:Update/libavif has 0.9.3. Security team, can you evaluate and find the SLE bugowner?
This is an autogenerated message for OBS integration:
This bug (1217614) was mentioned in
  https://build.opensuse.org/request/show/1129722 Factory / chromium
  https://build.opensuse.org/request/show/1129724 Backports:SLE-15-SP4+Backports:SLE-15-SP5 / chromium
This is an autogenerated message for OBS integration:
This bug (1217614) was mentioned in
  https://build.opensuse.org/request/show/1129955 Factory / ungoogled-chromium
openSUSE-SU-2023:0387-1: An update that fixes 6 vulnerabilities is now available.
Category: security (important)
Bug References: 1217614,1217615,1217616
CVE References: CVE-2023-6345,CVE-2023-6346,CVE-2023-6347,CVE-2023-6348,CVE-2023-6350,CVE-2023-6351
JIRA References:
Sources used:
  openSUSE Backports SLE-15-SP5 (src): chromium-119.0.6045.199-bp155.2.61.1
  openSUSE Backports SLE-15-SP4 (src): chromium-119.0.6045.199-bp154.2.147.1