Описание
Security update for libaom
This update for libaom fixes the following issues:
- CVE-2024-5171: Fixed heap buffer overflow in img_alloc_helper() caused by integer overflow (bsc#1226020).
Список пакетов
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS
SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS
SUSE Linux Enterprise Module for Basesystem 15 SP5
SUSE Linux Enterprise Server 15 SP4-LTSS
SUSE Linux Enterprise Server for SAP Applications 15 SP4
SUSE Manager Proxy 4.3
SUSE Manager Server 4.3
openSUSE Leap 15.5
Ссылки
- Link for SUSE-SU-2024:2052-1
- E-Mail link for SUSE-SU-2024:2052-1
- SUSE Security Ratings
- SUSE Bug 1226020
- SUSE CVE CVE-2024-5171 page
Описание
Integer overflow in libaom internal function img_alloc_helper can lead to heap buffer overflow. This function can be reached via 3 callers: * Calling aom_img_alloc() with a large value of the d_w, d_h, or align parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned aom_image_t struct may be invalid. * Calling aom_img_wrap() with a large value of the d_w, d_h, or align parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned aom_image_t struct may be invalid. * Calling aom_img_alloc_with_border() with a large value of the d_w, d_h, align, size_align, or border parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned aom_image_t struct may be invalid.
Затронутые продукты
Ссылки
- CVE-2024-5171
- SUSE Bug 1226020