CVE-2024-5197

EUVD-2024-46440
There exist integer overflows in libvpx in versions prior to 1.14.1. Calling vpx_img_alloc() with a large value of the d_w, d_h, or align parameter may result in integer overflows in the calculations of buffer sizes and offsets, and some fields of the returned vpx_image_t struct may be invalid. Calling vpx_img_wrap() with a large value of the d_w, d_h, or stride_align parameter may result in integer overflows in the calculations of buffer sizes and offsets, and some fields of the returned vpx_image_t struct may be invalid. We recommend upgrading to version 1.14.1 or beyond.
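As an added illustration (not libvpx code), the C model below shows how the aligned-stride and buffer-size arithmetic described above wraps silently in 32-bit unsigned arithmetic, beside a checked variant a caller could run on d_w, d_h and align before handing them to vpx_img_alloc(). The align-up and size formulas and the bytes_per_pixel parameter are a simplified model of an image allocator, not libvpx's actual implementation, and the checked variant relies on the GCC/Clang __builtin_mul_overflow builtin.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Unchecked model of the size arithmetic: every step is 32-bit unsigned and
 * can wrap, so a huge image can yield a tiny (or zero) buffer size. */
unsigned naive_buffer_size(unsigned d_w, unsigned d_h, unsigned align,
                           unsigned bytes_per_pixel) {
    unsigned w = (d_w + align - 1) & ~(align - 1); /* align up; d_w + align can wrap */
    unsigned stride = w * bytes_per_pixel;          /* can wrap */
    return stride * d_h;                            /* can wrap */
}

/* Checked model: rejects a non-power-of-two align and any parameter set whose
 * stride or total size would not fit in size_t. Returns false on failure. */
bool checked_buffer_size(unsigned d_w, unsigned d_h, unsigned align,
                         unsigned bytes_per_pixel, size_t *out) {
    if (d_w == 0 || d_h == 0 || bytes_per_pixel == 0) return false;
    if (align == 0 || (align & (align - 1)) != 0) return false; /* power of two only */
    /* Align up in 64-bit arithmetic: d_w + align - 1 < 2^33, so it cannot wrap. */
    uint64_t w = ((uint64_t)d_w + align - 1) & ~((uint64_t)align - 1);
    size_t stride, size;
    if (__builtin_mul_overflow(w, bytes_per_pixel, &stride)) return false;
    if (__builtin_mul_overflow(stride, d_h, &size)) return false;
    *out = size;
    return true;
}

int main(void) {
    size_t n = 0;
    /* Realistic 1920x1080 8-bit plane with 32-byte alignment: both agree. */
    bool ok = checked_buffer_size(1920, 1080, 32, 1, &n);
    printf("1920x1080: naive=%u checked=%d size=%zu\n",
           naive_buffer_size(1920, 1080, 32, 1), ok, n);
    /* Constructed hostile dimensions: the naive size wraps to 1024 bytes,
     * the checked version refuses the request. */
    ok = checked_buffer_size(0xFFFFFFF0u, 0xFFFFFFF0u, 16, 4, &n);
    printf("hostile: naive=%u checked=%d\n",
           naive_buffer_size(0xFFFFFFF0u, 0xFFFFFFF0u, 16, 4), ok);
    return 0;
}
```

The same pattern applies to the stride_align parameter of vpx_img_wrap(): validate the alignment and check every multiplication against the destination type before trusting the resulting sizes and offsets.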
CVSS 3.x Base Score (Provider: NIST, Type: Primary)
Base Score: 9.1 CRITICAL
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
EPSS Score
Percentile: 55%
Affected Products (NVD)
Vendor / Product / Version
webmproject / libvpx / < 1.14.1 (x)
debian / debian_linux / 10.0 (x)
x = vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
Vendor / Product / Version / Source
chromium / libvpx / < 1.14.1 (x) / ADP
Debian Releases
Product: libvpx
Codename: version (status)
bookworm: 1.12.0-1+deb12u4 (fixed)
bookworm (security): 1.12.0-1+deb12u4 (fixed)
bullseye: 1.9.0-1+deb11u3 (fixed)
bullseye (security): 1.9.0-1+deb11u4 (fixed)
forky: 1.15.2-2 (fixed)
sid: 1.15.2-2 (fixed)
trixie: 1.15.0-2.1 (fixed)
Ubuntu Releases
Product: libvpx
Codename: fix version (status)
bionic: Fixed 1.7.0-3ubuntu0.18.04.1+esm2 (released)
focal: Fixed 1.8.2-1ubuntu0.3 (released)
jammy: Fixed 1.11.0-2ubuntu2.3 (released)
mantic: Fixed 1.12.0-1ubuntu2.1 (released)
noble: Fixed 1.14.0-1ubuntu2.1 (released)
oracular: not-affected
trusty: Fixed 1.3.0-2ubuntu0.1+esm3 (released)
xenial: Fixed 1.5.0-2ubuntu1.1+esm3 (released)
openSUSE / SLES Releases
Release: version (status), grouped by package

Package: libvpx-devel
suse enterprise desktop 15 SP5: 1.11.0-150400.3.7.1 (fixed)
suse enterprise desktop 15 SP6: 1.11.0-150400.3.7.1 (fixed)
suse enterprise desktop 15 SP7: 1.11.0-150400.3.7.1 (fixed)
suse enterprise sap 15 SP2: 1.6.1-150000.6.16.1 (fixed)
suse enterprise sap 15 SP3: 1.6.1-150000.6.16.1 (fixed)
suse enterprise sap 15 SP5: 1.11.0-150400.3.7.1 (fixed)
suse enterprise sap 15 SP6: 1.11.0-150400.3.7.1 (fixed)
suse enterprise sap 15 SP7: 1.11.0-150400.3.7.1 (fixed)
suse enterprise server 15 SP2: 1.6.1-150000.6.16.1 (fixed)
suse enterprise server 15 SP3: 1.6.1-150000.6.16.1 (fixed)
suse enterprise server 15 SP4: 1.11.0-150400.3.7.1 (fixed)
suse enterprise server 15 SP5: 1.11.0-150400.3.7.1 (fixed)
suse enterprise server 15 SP6: 1.11.0-150400.3.7.1 (fixed)
suse enterprise server 15 SP7: 1.11.0-150400.3.7.1 (fixed)

Package: libvpx4
suse enterprise sap 15 SP2: 1.6.1-150000.6.16.1 (fixed)
suse enterprise sap 15 SP3: 1.6.1-150000.6.16.1 (fixed)
suse enterprise server 15 SP2: 1.6.1-150000.6.16.1 (fixed)
suse enterprise server 15 SP3: 1.6.1-150000.6.16.1 (fixed)
suse enterprise server 15 SP4: 1.6.1-150000.6.16.1 (fixed)

Package: libvpx7
suse enterprise desktop 15 SP5: 1.11.0-150400.3.7.1 (fixed)
suse enterprise desktop 15 SP6: 1.11.0-150400.3.7.1 (fixed)
suse enterprise desktop 15 SP7: 1.11.0-150400.3.7.1 (fixed)
suse enterprise sap 15 SP5: 1.11.0-150400.3.7.1 (fixed)
suse enterprise sap 15 SP6: 1.11.0-150400.3.7.1 (fixed)
suse enterprise sap 15 SP7: 1.11.0-150400.3.7.1 (fixed)
suse enterprise server 15 SP4: 1.11.0-150400.3.7.1 (fixed)
suse enterprise server 15 SP5: 1.11.0-150400.3.7.1 (fixed)
suse enterprise server 15 SP6: 1.11.0-150400.3.7.1 (fixed)
suse enterprise server 15 SP7: 1.11.0-150400.3.7.1 (fixed)
Red Hat Enterprise Linux Releases
Release: version (status), grouped by package

Package: libvpx
RHEL 8: 0:1.7.0-11.el8_10 (fixed)
RHEL 9: 0:1.9.0-8.el9_5 (fixed)

Package: libvpx-devel
RHEL 8: 0:1.7.0-11.el8_10 (fixed)
RHEL 9: 0:1.9.0-8.el9_5 (fixed)