[Bug 1187918] New: VUL-1: CVE-2020-36407: libavif: out-of-bounds write in avifDecoderDataFillImageGrid()
http://bugzilla.opensuse.org/show_bug.cgi?id=1187918 Bug ID: 1187918 Summary: VUL-1: CVE-2020-36407: libavif: out-of-bounds write in avifDecoderDataFillImageGrid() Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.3 Hardware: Other URL: https://smash.suse.de/issue/303339/ OS: Other Status: NEW Severity: Minor Priority: P5 - None Component: Security Assignee: security-team@suse.de Reporter: rfrohl@suse.com QA Contact: security-team@suse.de Found By: Security Response Team Blocker: --- CVE-2020-36407 libavif 0.8.0 and 0.8.1 has an out-of-bounds write in avifDecoderDataFillImageGrid. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-36407 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24811 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36407 https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libavif/OSV-2020-15... https://github.com/AOMediaCodec/libavif/commit/0a8e7244d494ae98e9756355dfbfb... -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1187918 http://bugzilla.opensuse.org/show_bug.cgi?id=1187918#c1 Robert Frohl <rfrohl@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution|--- |FIXED Assignee|security-team@suse.de |asn@cryptomilk.org --- Comment #1 from Robert Frohl <rfrohl@suse.com> --- not relevant, we are on 0.9.x everywhere. closing. -- You are receiving this mail because: You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@suse.com