Bug 1225403 (CVE-2023-6349) - VUL-0: CVE-2023-6349: libvpx: heap overflow when encoding a frame that has larger dimensions than the originally configured size
Summary: VUL-0: CVE-2023-6349: libvpx: heap overflow when encoding a frame that has la...
Status: NEW
Alias: CVE-2023-6349
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P3 - Medium : Major
Target Milestone: ---
Assignee: Adrian Schröter
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/407852/
Whiteboard: CVSSv3.1:SUSE:CVE-2023-6349:8.8:(AV:N...
Keywords:
Depends on:
Blocks:
 
Reported: 2024-05-27 17:26 UTC by SMASH SMASH
Modified: 2024-07-11 20:30 UTC (History)
1 user (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description SMASH SMASH 2024-05-27 17:26:34 UTC 
A heap overflow vulnerability exists in libvpx - Encoding a frame that has larger dimensions than the originally configured size with VP9 may result in a heap overflow in libvpx.
We recommend upgrading to version 1.13.1 or above

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-6349
https://www.cve.org/CVERecord?id=CVE-2023-6349
https://crbug.com/webm/1642
Comment 2 Camila Camargo de Matos 2024-05-27 17:30:01 UTC 
It seems like the commit that fixes this issue is commit 263682c9 [0].

[0] https://github.com/webmproject/libvpx/commit/263682c9a29395055f3b3afe2d97be1828a6223f
Comment 3 Adrian Schröter 2024-05-28 09:07:10 UTC 
"We recommend upgrading to version 1.13.1 or above"

this is just copy and paste and should be ignore, right?
It would change the soname at least for SLE-12 and SLE-15
Comment 4 Adrian Schröter 2024-05-28 09:38:08 UTC 
the referenced commit alone leads to a crash in test suite, looking ...
Comment 9 Adrian Schröter 2024-07-03 15:40:40 UTC 
request 337239 for SP4, test suite is suceeding now.
Comment 11 Adrian Schröter 2024-07-03 17:57:30 UTC 
request 337250 for SLE-15-SP0
Comment 14 Maintenance Automation 2024-07-11 12:30:14 UTC 
SUSE-SU-2024:2409-1: An update that solves three vulnerabilities can now be installed.

Category: security (important)
Bug References: 1216879, 1225403, 1225879
CVE References: CVE-2023-44488, CVE-2023-6349, CVE-2024-5197
Maintenance Incident: [SUSE:Maintenance:34567](https://smelt.suse.de/incident/34567/)
Sources used:
SUSE Manager Server 4.3 (src):
 libvpx-1.11.0-150400.3.7.1
openSUSE Leap 15.4 (src):
 libvpx-1.11.0-150400.3.7.1
openSUSE Leap 15.5 (src):
 libvpx-1.11.0-150400.3.7.1
openSUSE Leap 15.6 (src):
 libvpx-1.11.0-150400.3.7.1
Basesystem Module 15-SP5 (src):
 libvpx-1.11.0-150400.3.7.1
Basesystem Module 15-SP6 (src):
 libvpx-1.11.0-150400.3.7.1
SUSE Package Hub 15 15-SP5 (src):
 libvpx-1.11.0-150400.3.7.1
SUSE Package Hub 15 15-SP6 (src):
 libvpx-1.11.0-150400.3.7.1
SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (src):
 libvpx-1.11.0-150400.3.7.1
SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (src):
 libvpx-1.11.0-150400.3.7.1
SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (src):
 libvpx-1.11.0-150400.3.7.1
SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (src):
 libvpx-1.11.0-150400.3.7.1
SUSE Linux Enterprise Server for SAP Applications 15 SP4 (src):
 libvpx-1.11.0-150400.3.7.1
SUSE Manager Proxy 4.3 (src):
 libvpx-1.11.0-150400.3.7.1
SUSE Manager Retail Branch Server 4.3 (src):
 libvpx-1.11.0-150400.3.7.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 15 Maintenance Automation 2024-07-11 20:30:07 UTC 
SUSE-SU-2024:2408-1: An update that solves two vulnerabilities can now be installed.

Category: security (important)
Bug References: 1225403, 1225879
CVE References: CVE-2023-6349, CVE-2024-5197
Maintenance Incident: [SUSE:Maintenance:34569](https://smelt.suse.de/incident/34569/)
Sources used:
Desktop Applications Module 15-SP5 (src):
 libvpx-1.6.1-150000.6.16.1
Desktop Applications Module 15-SP6 (src):
 libvpx-1.6.1-150000.6.16.1
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (src):
 libvpx-1.6.1-150000.6.16.1
SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (src):
 libvpx-1.6.1-150000.6.16.1
SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (src):
 libvpx-1.6.1-150000.6.16.1
SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (src):
 libvpx-1.6.1-150000.6.16.1
SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (src):
 libvpx-1.6.1-150000.6.16.1
SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (src):
 libvpx-1.6.1-150000.6.16.1
SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (src):
 libvpx-1.6.1-150000.6.16.1
SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (src):
 libvpx-1.6.1-150000.6.16.1
SUSE Linux Enterprise Server for SAP Applications 15 SP2 (src):
 libvpx-1.6.1-150000.6.16.1
SUSE Linux Enterprise Server for SAP Applications 15 SP3 (src):
 libvpx-1.6.1-150000.6.16.1
SUSE Linux Enterprise Server for SAP Applications 15 SP4 (src):
 libvpx-1.6.1-150000.6.16.1
SUSE Enterprise Storage 7.1 (src):
 libvpx-1.6.1-150000.6.16.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.