CVE-2024-5171: heap buffer overflow in libaom

10.0 CVSS

Description

Integer overflow in libaom internal function img_alloc_helper can lead to heap buffer overflow. This function can be reached via 3 callers:

* Calling aom_img_alloc() with a large value of the d_w, d_h, or align parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned aom_image_t struct may be invalid.
* Calling aom_img_wrap() with a large value of the d_w, d_h, or align parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned aom_image_t struct may be invalid.
* Calling aom_img_alloc_with_border() with a large value of the d_w, d_h, align, size_align, or border parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned aom_image_t struct may be invalid.

Classification

CVE ID: CVE-2024-5171

CVSS Base Severity: CRITICAL

CVSS Base Score: 10.0

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Affected Products

Vendor: libaom

Product: libaom

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.06% (probability of being exploited)

EPSS Percentile: 28.39% (scored less or equal to compared to others)

EPSS Date: 2025-03-14 (when was this score calculated)

References

https://issues.chromium.org/issues/332382766
https://lists.fedoraproject.org/archives/list/[email protected]/message/6HYUEHZ35ZPY2EONVZCGO6LPT3AMLZCP/
https://lists.fedoraproject.org/archives/list/[email protected]/message/U5NRNCEYS246CYGOR32MF7OGKWOWER22/

Timeline

2025-02-14 00:32:27 UTC
CVE

heap buffer overflow in libaom