Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

oracle-oval логотип

ELSA-2024-9827

Опубликовано: 18 нояб. 2024
Источник: oracle-oval
Платформа: Oracle Linux 9

Описание

ELSA-2024-9827: libvpx security update (MODERATE)

[1.9.0-8]

  • Add patch to fix integer overflows.
  • Disable LTO to fix build
  • Resolves: RHEL-58144

Обновленные пакеты

Oracle Linux 9

Oracle Linux aarch64

libvpx

1.9.0-8.el9_5

libvpx-devel

1.9.0-8.el9_5

Oracle Linux x86_64

libvpx

1.9.0-8.el9_5

libvpx-devel

1.9.0-8.el9_5

Связанные CVE

CVE-2024-5197

Ссылки на источники

Связанные уязвимости

ubuntu логотип

CVE-2024-5197

CVSS3: 9.1
ubuntu
больше 1 года назад

There exists interger overflows in libvpx in versions prior to 1.14.1. Calling vpx_img_alloc() with a large value of the d_w, d_h, or align parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned vpx_image_t struct may be invalid. Calling vpx_img_wrap() with a large value of the d_w, d_h, or stride_align parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned vpx_image_t struct may be invalid. We recommend upgrading to version 1.14.1 or beyond

redhat логотип

CVE-2024-5197

CVSS3: 7.1
redhat
больше 1 года назад

There exists interger overflows in libvpx in versions prior to 1.14.1. Calling vpx_img_alloc() with a large value of the d_w, d_h, or align parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned vpx_image_t struct may be invalid. Calling vpx_img_wrap() with a large value of the d_w, d_h, or stride_align parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned vpx_image_t struct may be invalid. We recommend upgrading to version 1.14.1 or beyond

nvd логотип

CVE-2024-5197

CVSS3: 9.1
nvd
больше 1 года назад

There exists interger overflows in libvpx in versions prior to 1.14.1. Calling vpx_img_alloc() with a large value of the d_w, d_h, or align parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned vpx_image_t struct may be invalid. Calling vpx_img_wrap() with a large value of the d_w, d_h, or stride_align parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned vpx_image_t struct may be invalid. We recommend upgrading to version 1.14.1 or beyond

debian логотип

CVE-2024-5197

CVSS3: 9.1
debian
больше 1 года назад

There exists interger overflows in libvpx in versions prior to 1.14.1. ...

rocky логотип

RLSA-2024:9827

rocky
10 месяцев назад

Moderate: libvpx security update