PT-2024-4075 · Libaom+6

Published: 2024-06-04 · Updated: 2025-10-01 · CVE-2024-5171

CVSS v4.0: 10 (Critical)

Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
Name of the Vulnerable Software and Affected Versions

libaom (affected versions not specified)

Description

The issue is an integer overflow in the libaom internal function img_alloc_helper, which can lead to a heap buffer overflow. This function can be reached via three callers: aom_img_alloc(), aom_img_wrap(), and aom_img_alloc_with_border(). Large values of parameters such as d_w, d_h, or align result in integer overflows in the buffer size and offset calculations. Some fields of the returned aom_image_t struct may be invalid. An attacker can potentially exploit the vulnerability to execute arbitrary code.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
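The size calculation named in the description can be illustrated with an added example; this is not libaom code. The functions plane_size_unchecked and plane_size_checked and the MAX_PLANE_BYTES cap are hypothetical: they compute a single 8-bit plane from a width, height and power-of-two alignment, first with wrapping 32-bit arithmetic and then with overflow checks a caller can apply before allocating.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption for this sketch: cap on a single plane, not a libaom constant. */
#define MAX_PLANE_BYTES ((uint64_t)1 << 30)

/* Unchecked 32-bit arithmetic: both the alignment round-up and the
 * stride * height product can wrap modulo 2^32. */
static uint32_t plane_size_unchecked(uint32_t w, uint32_t h, uint32_t align) {
    uint32_t stride = (w + align - 1) & ~(align - 1);
    return stride * h;
}

/* Checked version: rejects bad alignment, zero dimensions, round-up wrap,
 * and totals above the cap; writes the size only on success. */
static bool plane_size_checked(uint32_t w, uint32_t h, uint32_t align,
                               size_t *out) {
    if (align == 0 || (align & (align - 1)) != 0) return false;
    if (w == 0 || h == 0) return false;
    if (w > UINT32_MAX - (align - 1)) return false;
    uint64_t stride = ((uint64_t)w + align - 1) & ~((uint64_t)align - 1);
    uint64_t total = stride * (uint64_t)h;   /* < 2^64: both factors < 2^32 */
    if (total > MAX_PLANE_BYTES) return false;
    *out = (size_t)total;
    return true;
}

int main(void) {
    size_t n = 0;
    /* Constructed inputs. 65536 * 65536 = 2^32 wraps to 0 in 32 bits. */
    printf("unchecked 65536x65536: %u\n",
           plane_size_unchecked(65536u, 65536u, 1u));
    printf("checked   65536x65536: %s\n",
           plane_size_checked(65536u, 65536u, 1u, &n) ? "ok" : "rejected");
    if (plane_size_checked(1921u, 1080u, 32u, &n))
        printf("checked   1921x1080 align 32: %zu bytes\n", n);
    return 0;
}
```

A wrapped size of 0 is the dangerous case: the allocation succeeds with a tiny buffer while later code still indexes it using the original dimensions.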

Exploit

RCE

Integer Overflow

Heap Based Buffer Overflow

Weakness Enumeration

Related Identifiers

ALT-PU-2024-11403
ALT-PU-2024-11407
ALT-PU-2025-8126
AZL-62420
BDU:2024-04523
CVE-2024-5171
DLA-3881-1
DSA-5753-1
MGASA-2024-0220
OESA-2024-1949
OPENSUSE-SU-2024_2052-1
OPENSUSE-SU-2024_2056-1
SUSE-SU-2024:2030-1
SUSE-SU-2024:2052-1
SUSE-SU-2024:2056-1
SUSE-SU-2024_2030-1
SUSE-SU-2024_2052-1
SUSE-SU-2024_2056-1
USN-6815-1
USN-7397-1

Affected Products

Alt Linux
Astra Linux
Linuxmint
Red Os
Suse
Ubuntu
Libaom