CVE-2024-5197

NameCVE-2024-5197
DescriptionThere exists interger overflows in libvpx in versions prior to 1.14.1. Calling vpx_img_alloc() with a large value of the d_w, d_h, or align parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned vpx_image_t struct may be invalid. Calling vpx_img_wrap() with a large value of the d_w, d_h, or stride_align parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned vpx_image_t struct may be invalid. We recommend upgrading to version 1.14.1 or beyond
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDLA-3830-1, DSA-5722-1

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
libvpx (PTS)bullseye (security), bullseye1.9.0-1+deb11u3fixed
bookworm, bookworm (security)1.12.0-1+deb12u3fixed
sid, trixie1.14.1-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
libvpxsourcebuster1.7.0-3+deb10u3DLA-3830-1
libvpxsourcebullseye1.9.0-1+deb11u3DSA-5722-1
libvpxsourcebookworm1.12.0-1+deb12u3DSA-5722-1
libvpxsource(unstable)1.14.1-1

Notes

https://issues.chromium.org/issues/332382766
https://github.com/webmproject/libvpx/commit/c5640e3300690705c336966e2a8bb346a388c829
https://github.com/webmproject/libvpx/commit/9d7054c0cb83665a74cf6f59b6261f455e692149
https://github.com/webmproject/libvpx/commit/61c4d556bd03b97d84e3fa49180d14bde5a62baa

Search for package or bug name: Reporting problems