CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence: High
EPSS
Percentile: 24.9%
libaom.so is vulnerable to a heap overflow. The vulnerability is caused by improper input validation when frames are resized during multi-threaded encoding. An attacker can exploit it to trigger a heap overflow and crash the application.
aomedia.googlesource.com/aom/+/28b4f284d10b982d9669a772b2b44059bf2e0cfd
aomedia.googlesource.com/aom/+/refs/tags/v3.7.1
bugs.chromium.org/p/aomedia/issues/detail?id=3491
bugzilla.suse.com/show_bug.cgi?id=1218429
crbug.com/aomedia/3491
lists.fedoraproject.org/archives/list/[email protected]/message/AYONA2XSNFMXLAW4IHLFI5UVV3QRNG5K/
lists.fedoraproject.org/archives/list/[email protected]/message/D6C2HN4T2S6GYNTAUXLH45LQZHK7QPHP/