| Bug ID | 1218303 |
|---|---|
| Summary | VUL-0: CVE-2023-6704: libavif,chromium,ungoogled-chromium: use after free in libavif |
| Classification | openSUSE |
| Product | openSUSE Distribution |
| Version | Leap 15.5 |
| Hardware | Other |
| OS | Other |
| Status | NEW |
| Severity | Major |
| Priority | P5 - None |
| Component | Security |
| Assignee | security-team@suse.de |
| Reporter | Andreas.Stieger@gmx.de |
| QA Contact | qa-bugs@suse.de |
| CC | aaronpuchert@alice-dsl.net, andrea.mattiazzo@suse.com, Andreas.Stieger@gmx.de, gmbr3@opensuse.org, security-team@suse.de |
| Target Milestone | --- |
| Found By | --- |
| Blocker | --- |
It was reported that libavif before 1.0.3, and as bundled in Chromium, contained a use-after-free bug. colorProperties could be pointing to a dangling pointer if findAlphaItem() resizes the meta.items array. Also bundled in chromium, see bug 1218048 References: https://github.com/AOMediaCodec/libavif/pull/1808 https://github.com/AOMediaCodec/libavif/commit/b984f48be99b41405cb4a7d443806e01b46936fb https://github.com/AOMediaCodec/libavif/releases/tag/v1.0.3 https://bugs.chromium.org/p/chromium/issues/detail?id=1504792