CVE-2024-5197

Published: 3 June 2024

There exists interger overflows in libvpx in versions prior to 1.14.1. Calling vpx_img_alloc() with a large value of the d_w, d_h, or align parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned vpx_image_t struct may be invalid. Calling vpx_img_wrap() with a large value of the d_w, d_h, or stride_align parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned vpx_image_t struct may be invalid. We recommend upgrading to version 1.14.1 or beyond

Notes

Author	Note
mdeslaur	This also affects the aom package with CVE-2024-5171

Priority

Status

Package	Release	Status
libvpx Launchpad, Ubuntu, Debian	bionic	Needs triage
	focal	Released (1.8.2-1ubuntu0.3)
	jammy	Released (1.11.0-2ubuntu2.3)
	mantic	Released (1.12.0-1ubuntu2.1)
	noble	Released (1.14.0-1ubuntu2.1)
	trusty	Needs triage
	upstream	Released (1.14.1-1)
	xenial	Needs triage
	Patches: upstream: https://chromium-review.googlesource.com/c/webm/libvpx/+/5446333 upstream: https://chromium-review.googlesource.com/c/webm/libvpx/+/5446418 upstream: https://chromium-review.googlesource.com/c/webm/libvpx/+/5449900 upstream: https://chromium-review.googlesource.com/c/webm/libvpx/+/5553045 upstream: https://chromium-review.googlesource.com/c/webm/libvpx/+/5555762 upstream: https://chromium-review.googlesource.com/c/webm/libvpx/+/5555763 upstream: https://github.com/webmproject/libvpx/commit/c5640e3300690705c336966e2a8bb346a388c829 upstream: https://github.com/webmproject/libvpx/commit/9d7054c0cb83665a74cf6f59b6261f455e692149 upstream: https://github.com/webmproject/libvpx/commit/61c4d556bd03b97d84e3fa49180d14bde5a62baa

References

Bugs

https://issues.chromium.org/issues/332382766

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›