Mageia 9: MGASA-2024-0221 Moderate: libvpx Integer Overflow Risk

mageia

June 14, 2024

There exists integer overflows in libvpx in versions prior to 1.14.1

Summary

There exists integer overflows in libvpx in versions prior to 1.14.1. Calling vpx_img_alloc() with a large value of the d_w, d_h, or align parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned vpx_image_t struct may be invalid. Calling vpx_img_wrap() with a large value of the d_w, d_h, or stride_align parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned vpx_image_t struct may be invalid. (CVE-2024-5197)

References

- https://bugs.mageia.org/show_bug.cgi?id=33281

- https://ubuntu.com/security/notices/USN-6814-1

- https://www.cve.org/CVERecord?id=CVE-2024-5197

Topics Covered

security advisory update integer overflow libvpx Mageia

Resolution

SRPMS

- 9/core/libvpx-1.12.0-1.3.mga9

Publication date: 14 Jun 2024

URL: https://advisories.mageia.org/MGASA-2024-0221.html

Type: security

CVE: CVE-2024-5197

Topics Covered

security advisory update integer overflow libvpx Mageia

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Mageia 9: MGASA-2024-0221 Moderate: libvpx Integer Overflow Risk

Summary

References

Topics Covered

Resolution

SRPMS

Topics Covered

Get the latest News and Insights

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Mageia 9: MGASA-2024-0221 Moderate: libvpx Integer Overflow Risk

Summary

References

Topics Covered

Resolution

SRPMS

Topics Covered

Get the latest News and Insights

Related Articles

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!