[Bug 1218303] New: VUL-0: CVE-2023-6704: libavif,chromium,ungoogled-chromium: use after free in libavif
https://bugzilla.suse.com/show_bug.cgi?id=1218303

Bug ID: 1218303
Summary: VUL-0: CVE-2023-6704: libavif,chromium,ungoogled-chromium: use after free in libavif
Classification: openSUSE
Product: openSUSE Distribution
Version: Leap 15.5
Hardware: Other
OS: Other
Status: NEW
Severity: Major
Priority: P5 - None
Component: Security
Assignee: security-team@suse.de
Reporter: Andreas.Stieger@gmx.de
QA Contact: qa-bugs@suse.de
CC: aaronpuchert@alice-dsl.net, andrea.mattiazzo@suse.com, Andreas.Stieger@gmx.de, gmbr3@opensuse.org, security-team@suse.de
Target Milestone: ---
Found By: ---
Blocker: ---

It was reported that libavif before 1.0.3, and as bundled in Chromium, contained a use-after-free bug. colorProperties could be pointing to a dangling pointer if findAlphaItem() resizes the meta.items array.

Also bundled in chromium, see bug 1218048

References:
https://github.com/AOMediaCodec/libavif/pull/1808
https://github.com/AOMediaCodec/libavif/commit/b984f48be99b41405cb4a7d443806...
https://github.com/AOMediaCodec/libavif/releases/tag/v1.0.3
https://bugs.chromium.org/p/chromium/issues/detail?id=1504792

--
You are receiving this mail because:
You are on the CC list for the bug.
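The bug class named in the report above (a pointer into a growable array held across a call that can grow the array), shown as an added example that is not part of the original report and is not libavif source. The types `Item` and `Meta` and all function names are a constructed model; the safe pattern shown is to keep an index and re-resolve the pointer after the call.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed model, not libavif source: a growable array of items. */
typedef struct { uint32_t id; int colorProps; } Item;
typedef struct { Item *items; size_t count, capacity; } Meta;

/* Append an item. When full, the data moves to a fresh buffer and the old
 * one is freed, so every Item* taken before the call becomes dangling. */
static Item *meta_add_item(Meta *m, uint32_t id) {
    if (m->count == m->capacity) {
        size_t cap = m->capacity ? m->capacity * 2 : 1;
        Item *grown = malloc(cap * sizeof *grown);
        if (!grown) return NULL;
        if (m->count) memcpy(grown, m->items, m->count * sizeof *grown);
        free(m->items);
        m->items = grown;
        m->capacity = cap;
    }
    Item *it = &m->items[m->count++];
    *it = (Item){ .id = id, .colorProps = 0 };
    return it;
}

/* Hypothetical stand-in for a lookup that may create the item it returns. */
static Item *find_or_create_alpha(Meta *m, uint32_t id) {
    for (size_t i = 0; i < m->count; i++)
        if (m->items[i].id == id) return &m->items[i];
    return meta_add_item(m, id);
}

/* Safe pattern: remember the color item's index, re-resolve after the call.
 * Returns 1 if the storage moved, 0 if not, -1 on allocation failure. */
static int read_color_after_alpha_lookup(int *colorOut) {
    Meta m = {0};
    Item *color = meta_add_item(&m, 1);
    if (!color) return -1;
    color->colorProps = 42;
    size_t colorIndex = (size_t)(color - m.items);
    uintptr_t before = (uintptr_t)m.items;
    if (!find_or_create_alpha(&m, 2)) { free(m.items); return -1; }
    /* The old `color` pointer must not be dereferenced past this point. */
    int moved = ((uintptr_t)m.items != before);
    color = &m.items[colorIndex];          /* fresh pointer into new storage */
    *colorOut = color->colorProps;
    free(m.items);
    return moved;
}
int main(void) { int c; return read_color_after_alpha_lookup(&c) == 1 ? 0 : 1; }
```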
https://bugzilla.suse.com/show_bug.cgi?id=1218303
https://bugzilla.suse.com/show_bug.cgi?id=1218303#c1

Andreas Stieger <Andreas.Stieger@gmx.de> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
              Flags|                            |needinfo?(security-team@sus
                   |                            |e.de)

--- Comment #1 from Andreas Stieger <Andreas.Stieger@gmx.de> ---
Security team, please locate the SLE bugowner of SUSE:SLE-15-SP4:Update/libavif 0.9.3

https://bugzilla.suse.com/show_bug.cgi?id=1218303

Aaron Puchert <aaronpuchert@alice-dsl.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|aaronpuchert@alice-dsl.net  |

https://bugzilla.suse.com/show_bug.cgi?id=1218303

Bruno Pitrus <brunopitrus@hotmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |brunopitrus@hotmail.com
            Summary|VUL-0: CVE-2023-6704:       |VUL-0: CVE-2023-6704:
                   |libavif,chromium,ungoogled- |libavif,chromium,ungoogled-
                   |chromium: use after free in |chromium,nodejs-electron:
                   |libavif                     |use after free in libavif
https://bugzilla.suse.com/show_bug.cgi?id=1218303
https://bugzilla.suse.com/show_bug.cgi?id=1218303#c3

--- Comment #3 from OBSbugzilla Bot <bwiedemann+obsbugzillabot@suse.com> ---
This is an autogenerated message for OBS integration:
This bug (1218303) was mentioned in
https://build.opensuse.org/request/show/1138331 Factory / chromium

https://bugzilla.suse.com/show_bug.cgi?id=1218303
https://bugzilla.suse.com/show_bug.cgi?id=1218303#c4

--- Comment #4 from OBSbugzilla Bot <bwiedemann+obsbugzillabot@suse.com> ---
This is an autogenerated message for OBS integration:
This bug (1218303) was mentioned in
https://build.opensuse.org/request/show/1138394 Factory / chromium

https://bugzilla.suse.com/show_bug.cgi?id=1218303
https://bugzilla.suse.com/show_bug.cgi?id=1218303#c5

--- Comment #5 from OBSbugzilla Bot <bwiedemann+obsbugzillabot@suse.com> ---
This is an autogenerated message for OBS integration:
This bug (1218303) was mentioned in
https://build.opensuse.org/request/show/1138475 Factory / chromium

https://bugzilla.suse.com/show_bug.cgi?id=1218303
https://bugzilla.suse.com/show_bug.cgi?id=1218303#c6

--- Comment #6 from OBSbugzilla Bot <bwiedemann+obsbugzillabot@suse.com> ---
This is an autogenerated message for OBS integration:
This bug (1218303) was mentioned in
https://build.opensuse.org/request/show/1138548 Backports:SLE-15-SP5 / chromium

https://bugzilla.suse.com/show_bug.cgi?id=1218303
https://bugzilla.suse.com/show_bug.cgi?id=1218303#c7

--- Comment #7 from OBSbugzilla Bot <bwiedemann+obsbugzillabot@suse.com> ---
This is an autogenerated message for OBS integration:
This bug (1218303) was mentioned in
https://build.opensuse.org/request/show/1138553 Factory / ungoogled-chromium

https://bugzilla.suse.com/show_bug.cgi?id=1218303
https://bugzilla.suse.com/show_bug.cgi?id=1218303#c8

--- Comment #8 from OBSbugzilla Bot <bwiedemann+obsbugzillabot@suse.com> ---
This is an autogenerated message for OBS integration:
This bug (1218303) was mentioned in
https://build.opensuse.org/request/show/1138570 Backports:SLE-15-SP5 / chromium

https://bugzilla.suse.com/show_bug.cgi?id=1218303
https://bugzilla.suse.com/show_bug.cgi?id=1218303#c9

--- Comment #9 from OBSbugzilla Bot <bwiedemann+obsbugzillabot@suse.com> ---
This is an autogenerated message for OBS integration:
This bug (1218303) was mentioned in
https://build.opensuse.org/request/show/1138578 Factory / ungoogled-chromium
https://bugzilla.suse.com/show_bug.cgi?id=1218303

Andreas Stieger <Andreas.Stieger@gmx.de> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|Andreas.Stieger@gmx.de      |