SUSE-SU-2024:2408-1

Published: 11 Jul 2024
Source: suse-cvrf

Description

Security update for libvpx

This update for libvpx fixes the following issues:

  • CVE-2024-5197: Fixed integer overflow when calling vpx_img_alloc() or vpx_img_wrap() with large parameters (bsc#1225879).
  • CVE-2023-6349: Fixed heap overflow when encoding a frame that has larger dimensions than the originally configured size (bsc#1225403).

Package list

SUSE Enterprise Storage 7.1
libvpx-devel-1.6.1-150000.6.16.1
libvpx4-1.6.1-150000.6.16.1
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS
libvpx-devel-1.6.1-150000.6.16.1
libvpx4-1.6.1-150000.6.16.1
SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS
libvpx-devel-1.6.1-150000.6.16.1
libvpx4-1.6.1-150000.6.16.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS
libvpx4-1.6.1-150000.6.16.1
SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS
libvpx4-1.6.1-150000.6.16.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP5
libvpx4-1.6.1-150000.6.16.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP6
libvpx4-1.6.1-150000.6.16.1
SUSE Linux Enterprise Server 15 SP2-LTSS
libvpx-devel-1.6.1-150000.6.16.1
libvpx4-1.6.1-150000.6.16.1
SUSE Linux Enterprise Server 15 SP3-LTSS
libvpx-devel-1.6.1-150000.6.16.1
libvpx4-1.6.1-150000.6.16.1
SUSE Linux Enterprise Server 15 SP4-LTSS
libvpx4-1.6.1-150000.6.16.1
SUSE Linux Enterprise Server for SAP Applications 15 SP2
libvpx-devel-1.6.1-150000.6.16.1
libvpx4-1.6.1-150000.6.16.1
SUSE Linux Enterprise Server for SAP Applications 15 SP3
libvpx-devel-1.6.1-150000.6.16.1
libvpx4-1.6.1-150000.6.16.1
SUSE Linux Enterprise Server for SAP Applications 15 SP4
libvpx4-1.6.1-150000.6.16.1

Description

A heap overflow vulnerability exists in libvpx: encoding a frame that has larger dimensions than the originally configured size with VP9 may result in a heap overflow in libvpx. We recommend upgrading to version 1.13.1 or above.


Affected products
SUSE Enterprise Storage 7.1:libvpx-devel-1.6.1-150000.6.16.1
SUSE Enterprise Storage 7.1:libvpx4-1.6.1-150000.6.16.1
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:libvpx-devel-1.6.1-150000.6.16.1
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:libvpx4-1.6.1-150000.6.16.1

Description

Integer overflows exist in libvpx in versions prior to 1.14.1. Calling vpx_img_alloc() with a large value of the d_w, d_h, or align parameter may result in integer overflows in the calculations of buffer sizes and offsets, and some fields of the returned vpx_image_t struct may be invalid. Calling vpx_img_wrap() with a large value of the d_w, d_h, or stride_align parameter may result in integer overflows in the calculations of buffer sizes and offsets, and some fields of the returned vpx_image_t struct may be invalid. We recommend upgrading to version 1.14.1 or beyond.


Affected products
SUSE Enterprise Storage 7.1:libvpx-devel-1.6.1-150000.6.16.1
SUSE Enterprise Storage 7.1:libvpx4-1.6.1-150000.6.16.1
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:libvpx-devel-1.6.1-150000.6.16.1
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:libvpx4-1.6.1-150000.6.16.1
