CVE-2024-5197Integer Overflow or Wraparound in Libvpx

CWE-190Integer Overflow or Wraparound8 documents7 sources
Severity
5.9MEDIUMNVD
EPSS
0.3%
top 44.43%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Chromium LibvpxWebmproject LibvpxDebian Linux
Timeline
PublishedJun 3
Latest updateFeb 3

Description

There exists interger overflows in libvpx in versions prior to 1.14.1. Calling vpx_img_alloc() with a large value of the d_w, d_h, or align parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned vpx_image_t struct may be invalid. Calling vpx_img_wrap() with a large value of the d_w, d_h, or stride_align parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned vpx_im

CVSS vector

CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:P/VC:L/VI:H/VA:N/SC:L/SI:L/SA:N

Affected Packages3 packages

CVEListV5chromium/libvpx< 1.14.1
NVDwebmproject/libvpx< 1.14.1
Debianwebmproject/libvpx< 1.9.0-1+deb11u3+3

Also affects: Debian Linux 10.0

🔴Vulnerability Details

3
GHSA
GHSA-4h58-f788-v8pw: There exists interger overflows in libvpx in versions prior to 12024-06-03
OSV
CVE-2024-5197: There exists interger overflows in libvpx in versions prior to 12024-06-03
CVEList
Integer overflow in libvpx2024-06-03

📋Vendor Advisories

4
Ubuntu
libvpx vulnerability2025-02-03
Ubuntu
libvpx vulnerability2024-06-06
Red Hat
libvpx: Integer overflow in vpx_img_alloc()2024-06-04
Debian
CVE-2024-5197: libvpx - There exists interger overflows in libvpx in versions prior to 1.14.1. Calling v...2024
CVE-2024-5197 — Integer Overflow or Wraparound | cvebase