PT-2021-7909 · Libaom+4 · Libaom+4

Published

2021-06-02

Updated

2024-06-15

CVE-2021-30474

CVSS v2.0

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions libaom versions prior to 2021-03-30

Description The issue is related to a use-after-free in the aom dsp/grain table.c component of the libaom library, which implements the AV1 codec. This could allow a remote attacker to execute arbitrary code.

Recommendations For versions prior to 2021-03-30, update to a version released after 2021-03-30 to resolve the issue. As a temporary workaround, consider restricting access to the aom dsp/grain table.c component until a patch is available.

Fix

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

BDU:2023-05296

CVE-2021-30474

DLA-3556-1

DSA-5490-1

MGASA-2021-0352

MGASA-2021-0482

OPENSUSE-SU-2021:1359-1

OPENSUSE-SU-2021:3350-1

OPENSUSE-SU-2021_1359-1

OPENSUSE-SU-2021_3350-1

OPENSUSE-SU-2024:11642-1

SUSE-SU-2021:3350-1

SUSE-SU-2021_3350-1

USN-6447-1

Affected Products

Astra Linux

Linuxmint

Suse

Ubuntu

Libaom

PT-2021-7909 · Libaom+4 · Libaom+4

CVE-2021-30474

Weakness Enumeration

Related Identifiers

Affected Products

References · 50