CVE-2024-5171

heap buffer overflow in libaom

Description

Integer overflow in libaom internal function img_alloc_helper can lead to heap buffer overflow. This function can be reached via 3 callers: * Calling aom_img_alloc() with a large value of the d_w, d_h, or align parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned aom_image_t struct may be invalid. * Calling aom_img_wrap() with a large value of the d_w, d_h, or align parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned aom_image_t struct may be invalid. * Calling aom_img_alloc_with_border() with a large value of the d_w, d_h, align, size_align, or border parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned aom_image_t struct may be invalid.

INFO

Published Date :

2024-06-05T19:11:12.987Z

Last Modified :

2025-02-13T17:53:49.724Z

Source :

Google

AFFECTED PRODUCTS

The following products are affected by CVE-2024-5171 vulnerability.

Vendors	Products
Aomedia	Libaom

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-5171.

URL	Resource
https://issues.chromium.org/issues/332382766
https://lists.debian.org/debian-lts-announce/2024/09/msg00024.html
https://lists.fedoraproject.org/archives/list/[email protected]/message/6HYUEHZ35ZPY2EONVZCGO6LPT3AMLZCP/
https://lists.fedoraproject.org/archives/list/[email protected]/message/U5NRNCEYS246CYGOR32MF7OGKWOWER22/
https://nvd.nist.gov/vuln/detail/CVE-2024-5171
https://www.cve.org/CVERecord?id=CVE-2024-5171