Bugzilla – Bug 1226021
VUL-0: CVE-2024-5171: chromium,libaom,libvpx: heap buffer overflow in img_alloc_helper() caused by integer overflow
Last modified: 2024-06-06 09:58:08 UTC
+++ This bug was initially created as a clone of Bug #1226020 +++

Integer overflow in libaom internal function img_alloc_helper can lead to heap buffer overflow. This function can be reached via 3 callers:

* Calling aom_img_alloc() with a large value of the d_w, d_h, or align parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned aom_image_t struct may be invalid.
* Calling aom_img_wrap() with a large value of the d_w, d_h, or align parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned aom_image_t struct may be invalid.
* Calling aom_img_alloc_with_border() with a large value of the d_w, d_h, align, size_align, or border parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned aom_image_t struct may be invalid.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-5171
https://www.cve.org/CVERecord?id=CVE-2024-5171
https://issues.chromium.org/issues/332382766
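An added illustration of the bug class described above (not libaom code and not part of the original report): a buffer-size calculation from d_w, d_h and align done in unchecked 32-bit arithmetic, next to a checked version. The single-plane model, the function names `unchecked_size` and `checked_size`, and the `MAX_IMAGE_BYTES` cap are all assumptions made for this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical simplified model, NOT libaom's code: one 8-bit plane whose
 * row stride is d_w rounded up to `align`; buffer size = stride * d_h. */

#define MAX_IMAGE_BYTES (1u << 30) /* assumed policy cap for this example */

/* Unchecked: 32-bit unsigned arithmetic wraps silently, so the result can
 * be far smaller than the image the caller asked for. */
static uint32_t unchecked_size(uint32_t d_w, uint32_t d_h, uint32_t align) {
    uint32_t stride = (d_w + align - 1) & ~(align - 1);
    return stride * d_h;
}

/* Checked: validate inputs and refuse any step that would wrap. */
static bool checked_size(uint32_t d_w, uint32_t d_h, uint32_t align,
                         size_t *out) {
    if (d_w == 0 || d_h == 0) return false;
    if (align == 0 || (align & (align - 1)) != 0) return false; /* power of 2 */
    if (d_w > UINT32_MAX - (align - 1)) return false; /* rounding would wrap */
    uint32_t stride = (d_w + (align - 1)) & ~(align - 1);
    uint64_t total = (uint64_t)stride * d_h; /* 32 x 32 bits fits in 64 */
    if (total > MAX_IMAGE_BYTES) return false;
    *out = (size_t)total;
    return true;
}

int main(void) {
    size_t n = 0;
    /* Constructed inputs: the product for 65536 x 65536 wraps in 32 bits. */
    unsigned wrapped = (unsigned)unchecked_size(0x10000u, 0x10000u, 16u);
    bool big_ok = checked_size(0x10000u, 0x10000u, 16u, &n);
    bool hd_ok = checked_size(1920u, 1080u, 32u, &n);
    printf("unchecked 65536x65536: %u bytes\n", wrapped);
    printf("checked 65536x65536 accepted: %d\n", big_ok);
    printf("checked 1920x1080 accepted: %d, size=%zu\n", hd_ok, n);
    return 0;
}
```

A caller that allocates the unchecked result and then writes d_w * d_h bytes of pixel data overruns the heap buffer, which is why the checked form rejects the request instead of returning a wrapped size.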
Probably not relevant at the moment, as it is dev channel only. Probably will be released at one point though. Leaving the bug open for now.
- libaom: CVE-2024-5171 bug 1226020
- libvpx: CVE-2024-5197 bug 1225879