https://bugzilla.suse.com/show_bug.cgi?id=1218303

            Bug ID: 1218303
           Summary: VUL-0: CVE-2023-6704: libavif,chromium,ungoogled-chromium: use after free in libavif
    Classification: openSUSE
           Product: openSUSE Distribution
           Version: Leap 15.5
          Hardware: Other
                OS: Other
            Status: NEW
          Severity: Major
          Priority: P5 - None
         Component: Security
          Assignee: security-team@suse.de
          Reporter: Andreas.Stieger@gmx.de
        QA Contact: qa-bugs@suse.de
                CC: aaronpuchert@alice-dsl.net, andrea.mattiazzo@suse.com, Andreas.Stieger@gmx.de, gmbr3@opensuse.org, security-team@suse.de
  Target Milestone: ---
          Found By: ---
           Blocker: ---

It was reported that libavif before 1.0.3, and as bundled in Chromium, contained a use-after-free bug: colorProperties could be pointing to a dangling pointer if findAlphaItem() resizes the meta.items array.

Also bundled in chromium, see bug 1218048.

References:
https://github.com/AOMediaCodec/libavif/pull/1808
https://github.com/AOMediaCodec/libavif/commit/b984f48be99b41405cb4a7d443806...
https://github.com/AOMediaCodec/libavif/releases/tag/v1.0.3
https://bugs.chromium.org/p/chromium/issues/detail?id=1504792

-- 
You are receiving this mail because:
You are on the CC list for the bug.
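The bug class the report describes, a pointer into a growable array that is kept across a call which may realloc() that array, as an added, constructed C illustration that is not libavif's code: the Item/Meta types, meta_push(), find_alpha_item() and the sample data are placeholders standing in for meta.items, findAlphaItem() and colorProperties, and the fixed variant shows the index-then-re-derive pattern that avoids the dangling pointer.

```c
#include <stdlib.h>
/* Constructed illustration of the report's bug class: a pointer into a growable
 * array (colorProperties into meta.items) held across findAlphaItem(), which may
 * realloc() the array. All names here are placeholders, not libavif's code. */
typedef struct { int id; int is_alpha; } Item;
typedef struct { Item *items; size_t count, cap; } Meta;

/* Append an item; realloc() may move the block, so earlier Item* may dangle. */
Item *meta_push(Meta *m, int id, int is_alpha) {
    if (m->count == m->cap) {
        size_t ncap = m->cap ? m->cap * 2 : 1;
        Item *n = realloc(m->items, ncap * sizeof *n);
        if (!n) return NULL;
        m->items = n;
        m->cap = ncap;
    }
    m->items[m->count] = (Item){ id, is_alpha };
    return &m->items[m->count++];
}

/* Stand-in for findAlphaItem(): index of the alpha item, appending a
 * synthesized one (possibly resizing m->items) when none exists. */
int find_alpha_item(Meta *m) {
    for (size_t i = 0; i < m->count; i++)
        if (m->items[i].is_alpha) return (int)i;
    return meta_push(m, 99, 1) ? (int)(m->count - 1) : -1;
}

/* Buggy pattern: pointer taken before the call, dereferenced after it.
 * If realloc() moved the array this reads freed memory (not called here). */
int color_id_buggy(Meta *m) {
    Item *color = &m->items[0];
    find_alpha_item(m);
    return color->id;
}

/* Fixed pattern: hold the index across the call, re-derive the pointer. */
int color_id_fixed(Meta *m) {
    size_t color_idx = 0;
    find_alpha_item(m);
    return m->items[color_idx].id;
}

/* Constructed sample: capacity 1, so the first append must realloc(). */
Meta sample_meta(void) {
    Meta m = { malloc(sizeof(Item)), 1, 1 };
    m.items[0] = (Item){ 7, 0 };
    return m;
}
void meta_free(Meta *m) { free(m->items); m->items = NULL; m->count = m->cap = 0; }
```

Running color_id_buggy() on the sample under a memory sanitizer reports the stale read whenever realloc() relocates the block, which is what makes the fixed form the one to keep.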