CVE-2023-39616 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Aomedia

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer4 documents4 sources

Severity

7.5HIGHNVD

EPSS

0.0%

top 89.58%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian AOM Aomedia

Timeline

PublishedAug 29

Description

AOMedia v3.0.0 to v3.5.0 was discovered to contain an invalid read memory access via the component assign_frame_buffer_p in av1/common/av1_common_int.h.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶NVDaomedia/aomedia3.0.0 — 3.5.0

▶debiandebian/aom< aom 3.7.0-1 (forky)

Patches

Patch: bugs.chromium.org ↗Patch: bugs.chromium.org ↗

🔴Vulnerability Details

GHSA

GHSA-8gm5-9276-cvrc: AOMedia v3↗2023-08-29

▶

OSV

CVE-2023-39616: AOMedia v3↗2023-08-29

▶

📋Vendor Advisories

Debian

CVE-2023-39616: aom - AOMedia v3.0.0 to v3.5.0 was discovered to contain an invalid read memory access...↗2023

▶