Lucene search

K

Veracode Vulnerability DatabaseVERACODE:45090

HistoryJan 19, 2024 - 10:58 a.m.

Heap Buffer Overflow

2024-01-1910:58:20

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

10

libaom.so

heap overflow

multi-threaded

frame resizing

vulnerability

input validation

crash

application

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7.3

Confidence

High

EPSS

0.001

Percentile

24.9%

libaom.so is vulnerable to Heap Overflow. The vulnerability is due to improper input validation during resizing of frames, while performing multi-threaded encode. The attacker can perform a heap overflow & crash the application by exploiting this vulnerability.

References

aomedia.googlesource.com/aom/+/28b4f284d10b982d9669a772b2b44059bf2e0cfd

aomedia.googlesource.com/aom/+/refs/tags/v3.7.1

bugs.chromium.org/p/aomedia/issues/detail?id=3491

bugzilla.suse.com/show_bug.cgi?id=1218429

crbug.com/aomedia/3491

lists.fedoraproject.org/archives/list/[email protected]/message/AYONA2XSNFMXLAW4IHLFI5UVV3QRNG5K/

lists.fedoraproject.org/archives/list/[email protected]/message/D6C2HN4T2S6GYNTAUXLH45LQZHK7QPHP/

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7.3

Confidence

High

EPSS

0.001

Percentile

24.9%

Related for VERACODE:45090

nvd1 cvelist1 debiancve1 ubuntucve1 nessus3 redhatcve1 prion1 cve1 fedora2 openvas2