Bug ID: 1226021
Summary: VUL-0: CVE-2024-5171: chromium: libaom: heap buffer overflow in img_alloc_helper() caused by integer overflow
Classification: openSUSE
Product: openSUSE Tumbleweed
Version: Current
Hardware: Other
URL: https://smash.suse.de/issue/408840/
OS: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Security
Assignee: Andreas.Stieger@gmx.de
Reporter: rfrohl@suse.com
QA Contact: qa-bugs@suse.de
CC: coldpool@suse.de, rfrohl@suse.com, security-team@suse.de, smash_bz@suse.de
Depends on: 1226020
Target Milestone: ---
Found By: Security Response Team
Blocker: ---

+++ This bug was initially created as a clone of Bug #1226020 +++

Integer overflow in libaom internal function img_alloc_helper can lead to heap
buffer overflow. This function can be reached via 3 callers:


  *  Calling aom_img_alloc() with a large value of the d_w, d_h, or align
     parameter may result in integer overflows in the calculations of buffer
     sizes and offsets and some fields of the returned aom_image_t struct may
     be invalid.
  *  Calling aom_img_wrap() with a large value of the d_w, d_h, or align
     parameter may result in integer overflows in the calculations of buffer
     sizes and offsets and some fields of the returned aom_image_t struct may
     be invalid.
  *  Calling aom_img_alloc_with_border() with a large value of the d_w, d_h,
     align, size_align, or border parameter may result in integer overflows in
     the calculations of buffer sizes and offsets and some fields of the
     returned aom_image_t struct may be invalid.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-5171
https://www.cve.org/CVERecord?id=CVE-2024-5171
https://issues.chromium.org/issues/332382766
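
The bug class described above, as an added example that is not libaom's code and not part of the original report: a simplified plane-size calculation from d_w, d_h and align, first with wrapping 32-bit arithmetic and then with each step validated. The function names, the bps (bits per pixel) parameter, the assumption that the stride is stored in an int, and the MAX_PLANE_BYTES cap are assumptions made for the illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Added illustration, not libaom source. bps (bits per pixel) and
 * MAX_PLANE_BYTES (an allocation policy cap) are assumed names/values. */
#define MAX_PLANE_BYTES ((uint64_t)1 << 30)

/* Unchecked: 32-bit arithmetic wraps silently for large d_w, d_h or align. */
uint32_t plane_size_unchecked(uint32_t d_w, uint32_t d_h, uint32_t align,
                              uint32_t bps) {
  uint32_t w = (d_w + align - 1) & ~(align - 1); /* may wrap to a tiny width */
  uint32_t stride = (w * bps + 7) / 8;           /* may wrap */
  return stride * d_h;                           /* may wrap */
}

/* Checked: validates each input and step; returns false instead of a
 * truncated size, so the caller never allocates an undersized buffer. */
bool plane_size_checked(uint32_t d_w, uint32_t d_h, uint32_t align,
                        uint32_t bps, size_t *out) {
  if (d_w == 0 || d_h == 0 || bps == 0 || bps > 64) return false;
  if (align == 0 || (align & (align - 1)) != 0) return false; /* power of 2 */
  if (d_w > UINT32_MAX - (align - 1)) return false; /* round-up would wrap */
  uint32_t w = (d_w + (align - 1)) & ~(align - 1);
  uint64_t stride = ((uint64_t)w * bps + 7) / 8;    /* < 2^36, fits 64 bits */
  if (stride > INT32_MAX) return false; /* assumes stride is kept in an int */
  uint64_t total = stride * d_h;                    /* < 2^63, cannot wrap */
  if (total > MAX_PLANE_BYTES) return false;
  *out = (size_t)total;
  return true;
}

int main(void) {
  size_t n = 0;
  /* Constructed inputs: 65536 x 65536 at 8 bpp needs 2^32 bytes. */
  printf("unchecked: %u\n",
         (unsigned)plane_size_unchecked(0x10000, 0x10000, 1, 8));
  printf("checked ok: %d\n", plane_size_checked(0x10000, 0x10000, 1, 8, &n));
  if (plane_size_checked(640, 480, 16, 8, &n)) printf("640x480: %zu\n", n);
  return 0;
}
```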

