Mageia Advisory: MGASA-2024-0221 - Updated libvpx packages fix security vulnerabilities

Updated libvpx packages fix security vulnerabilities

Publication date: 14 Jun 2024
Modification date: 14 Jun 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-5197

Description

There exists integer overflows in libvpx in versions prior to 1.14.1.
Calling vpx_img_alloc() with a large value of the d_w, d_h, or align
parameter may result in integer overflows in the calculations of buffer
sizes and offsets and some fields of the returned vpx_image_t struct may
be invalid. Calling vpx_img_wrap() with a large value of the d_w, d_h,
or stride_align parameter may result in integer overflows in the
calculations of buffer sizes and offsets and some fields of the returned
vpx_image_t struct may be invalid. (CVE-2024-5197)

References

https://bugs.mageia.org/show_bug.cgi?id=33281
https://ubuntu.com/security/notices/USN-6814-1
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5197

SRPMS

9/core

libvpx-1.12.0-1.3.mga9

Advisories » MGASA-2024-0221

Updated libvpx packages fix security vulnerabilities

Description

References

SRPMS

9/core