CVE-2023-6879

NameCVE-2023-6879
DescriptionIncreasing the resolution of video frames, while performing a multi-threaded encode, can result in a heap overflow in av1_loop_restoration_dealloc().
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
aom (PTS)bullseye1.0.0.errata1-3+deb11u1vulnerable
bullseye (security)1.0.0.errata1-3+deb11u2vulnerable
bookworm, bookworm (security)3.6.0-1+deb12u1vulnerable
sid, trixie3.9.1-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
aomsource(unstable)3.7.1-1

Notes

[bookworm] - aom <no-dsa> (Minor issue)
[bullseye] - aom <no-dsa> (Minor issue)
[buster] - aom <postponed> (Minor issue)
https://crbug.com/aomedia/3491
Fixed by: https://aomedia.googlesource.com/aom/+/7ae7bef246e85c8f349513d668b4571c79a43c5c (v3.7.1-rc1)
Followup: https://aomedia.googlesource.com/aom/+/24467e8ac3b0f6f5d09457d342327393b8e3da3d (v3.7.1-rc1)
Tests: https://aomedia.googlesource.com/aom/+/8b9ea452396a00f2d019b8b11b8876d363d62659 (v3.7.1-rc1)

Search for package or bug name: Reporting problems