Bugzilla – Bug 1218303
VUL-0: CVE-2023-6704: libavif,chromium,ungoogled-chromium,nodejs-electron: use after free in libavif
Last modified: 2024-02-21 05:47:50 UTC
It was reported that libavif before 1.0.3, and as bundled in Chromium, contained a use-after-free bug. colorProperties could be pointing to a dangling pointer if findAlphaItem() resizes the meta.items array.

Also bundled in chromium, see bug 1218048

References:
https://github.com/AOMediaCodec/libavif/pull/1808
https://github.com/AOMediaCodec/libavif/commit/b984f48be99b41405cb4a7d443806e01b46936fb
https://github.com/AOMediaCodec/libavif/releases/tag/v1.0.3
https://bugs.chromium.org/p/chromium/issues/detail?id=1504792
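A simplified model of the bug class described in the report above, added here as an illustration; it is not libavif code and not part of the original report. The types and functions (`Item`, `Meta`, `meta_push`, `find_or_add_alpha`) are hypothetical stand-ins showing why a pointer into a growable array must not be kept across a call that can grow it, and the index-based pattern that avoids the dangling pointer.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed model, not libavif code: a growable item array like meta.items. */
typedef struct { int id; int color; } Item;
typedef struct { Item *items; size_t count, cap; } Meta;

/* Append an item. Growth allocates a new block and frees the old one, so every
   Item* obtained before the call dangles afterwards. Returns the new index. */
static size_t meta_push(Meta *m, int id, int color) {
    if (m->count == m->cap) {
        size_t ncap = m->cap ? m->cap * 2 : 1;
        Item *n = malloc(ncap * sizeof *n);
        if (!n) abort();
        if (m->count) memcpy(n, m->items, m->count * sizeof *n);
        free(m->items);
        m->items = n;
        m->cap = ncap;
    }
    m->items[m->count] = (Item){ id, color };
    return m->count++;
}

/* Stand-in for a lookup that creates a missing item as a side effect. */
static size_t find_or_add_alpha(Meta *m, int id) {
    for (size_t i = 0; i < m->count; i++)
        if (m->items[i].id == id) return i;
    return meta_push(m, id, 0);
}

/* Safe pattern: keep the index across the call, re-derive the pointer after.
   *moved reports whether a pointer saved before the call would now dangle. */
static int color_after_alpha_lookup(int *moved) {
    Meta m = { 0 };
    size_t color_idx = meta_push(&m, 1, 7);   /* array is now full (cap 1) */
    uintptr_t before = (uintptr_t)m.items;    /* address only, never dereferenced */
    find_or_add_alpha(&m, 2);                 /* grows and relocates the array */
    *moved = before != (uintptr_t)m.items;
    int color = m.items[color_idx].color;     /* fresh pointer via index */
    free(m.items);
    return color;
}

int main(void) {
    int moved;
    return color_after_alpha_lookup(&moved) == 7 && moved ? 0 : 1;
}
```

Building the model with `-fsanitize=address` and reading through a pointer saved before `find_or_add_alpha()` instead of through `color_idx` is how this class of bug is typically caught in testing.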
Security team, please locate the SLE bugowner of SUSE:SLE-15-SP4:Update/libavif 0.9.3
libavif is for gnome bugs
This is an autogenerated message for OBS integration: This bug (1218303) was mentioned in https://build.opensuse.org/request/show/1138331 Factory / chromium
This is an autogenerated message for OBS integration: This bug (1218303) was mentioned in https://build.opensuse.org/request/show/1138394 Factory / chromium
This is an autogenerated message for OBS integration: This bug (1218303) was mentioned in https://build.opensuse.org/request/show/1138475 Factory / chromium
This is an autogenerated message for OBS integration: This bug (1218303) was mentioned in https://build.opensuse.org/request/show/1138548 Backports:SLE-15-SP5 / chromium
This is an autogenerated message for OBS integration: This bug (1218303) was mentioned in https://build.opensuse.org/request/show/1138553 Factory / ungoogled-chromium
This is an autogenerated message for OBS integration: This bug (1218303) was mentioned in https://build.opensuse.org/request/show/1138570 Backports:SLE-15-SP5 / chromium
This is an autogenerated message for OBS integration: This bug (1218303) was mentioned in https://build.opensuse.org/request/show/1138578 Factory / ungoogled-chromium
openSUSE-SU-2024:0020-1: An update that fixes 17 vulnerabilities is now available.

Category: security (important)
Bug References: 1217839,1218048,1218302,1218303,1218533,1218719
CVE References: CVE-2023-6508,CVE-2023-6509,CVE-2023-6510,CVE-2023-6511,CVE-2023-6512,CVE-2023-6702,CVE-2023-6703,CVE-2023-6704,CVE-2023-6705,CVE-2023-6706,CVE-2023-6707,CVE-2023-7024,CVE-2024-0222,CVE-2024-0223,CVE-2024-0224,CVE-2024-0225,CVE-2024-0333
JIRA References:
Sources used:
openSUSE Backports SLE-15-SP5 (src): chromium-120.0.6099.216-bp155.2.64.1
SUSE-SU-2024:0423-1: An update that solves one vulnerability can now be installed.

Category: security (important)
Bug References: 1218303
CVE References: CVE-2023-6704
Sources used:
openSUSE Leap 15.4 (src): libavif-0.9.3-150400.3.3.1
openSUSE Leap 15.5 (src): libavif-0.9.3-150400.3.3.1
Basesystem Module 15-SP5 (src): libavif-0.9.3-150400.3.3.1
SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (src): libavif-0.9.3-150400.3.3.1
SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (src): libavif-0.9.3-150400.3.3.1
SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (src): libavif-0.9.3-150400.3.3.1
SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (src): libavif-0.9.3-150400.3.3.1
SUSE Linux Enterprise Server for SAP Applications 15 SP4 (src): libavif-0.9.3-150400.3.3.1
SUSE Manager Proxy 4.3 (src): libavif-0.9.3-150400.3.3.1
SUSE Manager Retail Branch Server 4.3 (src): libavif-0.9.3-150400.3.3.1
SUSE Manager Server 4.3 (src): libavif-0.9.3-150400.3.3.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.