CVE-2024-5171 — Improper Input Validation in Libaom

CWE-20 — Improper Input Validation CWE-190 — Integer Overflow or Wraparound CWE-125 — Out-of-bounds Read8 documents6 sources

Severity

10.0CRITICALNVD

EPSS

0.2%

top 56.87%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Libaom Debian AOM Aomedia Libaom

Timeline

PublishedJun 5

Latest updateMar 31

Description

Integer overflow in libaom internal function img_alloc_helper can lead to heap buffer overflow. This function can be reached via 3 callers: * Calling aom_img_alloc() with a large value of the d_w, d_h, or align parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned aom_image_t struct may be invalid. * Calling aom_img_wrap() with a large value of the d_w, d_h, or align parameter may result in integer overflows in the calculation…

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Affected Packages3 packages

▶CVEListV5libaom/libaom1.0.0 — 3.9.0

▶NVDaomedia/libaom1.0.0 — 3.9.0

▶debiandebian/aom< aom 3.6.0-1+deb12u1 (bookworm)

🔴Vulnerability Details

OSV

CVE-2024-5171: Integer overflow in libaom internal function img_alloc_helper can lead to heap buffer overflow↗2024-06-05

▶

OSV

CVE-2024-5171: Integer overflow in libaom internal function img_alloc_helper can lead to heap buffer overflow↗2024-06-05

▶

GHSA

GHSA-592c-fmq9-g63c: Integer overflow in libaom internal function img_alloc_helper can lead to heap buffer overflow↗2024-06-05

▶

📋Vendor Advisories

Ubuntu

AOM vulnerability↗2025-03-31

▶

Red Hat

libaom: Integer overflow in internal function img_alloc_helper↗2024-06-05

▶

Debian

CVE-2024-5171: aom - Integer overflow in libaom internal function img_alloc_helper can lead to heap b...↗2024

▶