| Name | CVE-2023-6879 |
| Description | Increasing the resolution of video frames, while performing a multi-threaded encode, can result in a heap overflow in av1_loop_restoration_dealloc(). |
| Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
Vulnerable and fixed packages
The table below lists information on source packages.
| Source Package | Release | Version | Status |
|---|
| aom (PTS) | bullseye | 1.0.0.errata1-3+deb11u1 | vulnerable |
| bullseye (security) | 1.0.0.errata1-3+deb11u2 | vulnerable |
| bookworm, bookworm (security) | 3.6.0-1+deb12u1 | vulnerable |
| sid, trixie | 3.10.0-1 | fixed |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|
| aom | source | (unstable) | 3.7.1-1 | | | |
Notes
[bookworm] - aom <no-dsa> (Minor issue)
[bullseye] - aom <no-dsa> (Minor issue)
[buster] - aom <postponed> (Minor issue)
https://crbug.com/aomedia/3491
Fixed by: https://aomedia.googlesource.com/aom/+/7ae7bef246e85c8f349513d668b4571c79a43c5c (v3.7.1-rc1)
Followup: https://aomedia.googlesource.com/aom/+/24467e8ac3b0f6f5d09457d342327393b8e3da3d (v3.7.1-rc1)
Tests: https://aomedia.googlesource.com/aom/+/8b9ea452396a00f2d019b8b11b8876d363d62659 (v3.7.1-rc1)