THREATINT
PUBLISHED

CVE-2024-5171

heap buffer overflow in libaom



Description

Integer overflow in libaom internal function img_alloc_helper can lead to heap buffer overflow. This function can be reached via 3 callers:

* Calling aom_img_alloc() with a large value of the d_w, d_h, or align parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned aom_image_t struct may be invalid.
* Calling aom_img_wrap() with a large value of the d_w, d_h, or align parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned aom_image_t struct may be invalid.
* Calling aom_img_alloc_with_border() with a large value of the d_w, d_h, align, size_align, or border parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned aom_image_t struct may be invalid.
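The class of bug described above, as an added example that is not libaom's code: a simplified, hypothetical single-plane size calculation done in 32-bit arithmetic next to a checked version that rejects inputs instead of returning a wrapped size. The function names, the one-plane model and the MAX_PLANE_BYTES limit are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical model: one 8-bit plane whose stride is d_w rounded up to
 * `align`. This is NOT libaom's img_alloc_helper. */
#define MAX_PLANE_BYTES ((uint64_t)INT32_MAX) /* assumed policy limit */

/* Unchecked: both the round-up and the multiply wrap silently at 2^32. */
static uint32_t plane_size_unchecked(uint32_t d_w, uint32_t d_h,
                                     uint32_t align) {
  uint32_t stride = (d_w + align - 1) & ~(align - 1);
  return stride * d_h;
}

/* Checked: validate each parameter, compute in 64 bits, enforce a cap. */
static bool plane_size_checked(uint32_t d_w, uint32_t d_h, uint32_t align,
                               size_t *out) {
  if (d_w == 0 || d_h == 0) return false;
  /* align must be a non-zero power of two for the mask trick to be valid */
  if (align == 0 || (align & (align - 1)) != 0) return false;
  /* the round-up d_w + align - 1 must not exceed 32 bits */
  if (d_w > UINT32_MAX - (align - 1)) return false;
  uint64_t stride = ((uint64_t)d_w + align - 1) & ~((uint64_t)align - 1);
  /* stride and d_h are both below 2^32, so the 64-bit product is exact */
  uint64_t size = stride * (uint64_t)d_h;
  if (size > MAX_PLANE_BYTES) return false;
  *out = (size_t)size;
  return true;
}

int main(void) {
  /* Constructed inputs: the true size is 0x10001 * 0x10000 bytes. */
  uint32_t w = 0x10001u, h = 0x10000u, a = 1;
  size_t n = 0;
  printf("unchecked size: %u bytes\n", (unsigned)plane_size_unchecked(w, h, a));
  printf("checked: %s\n", plane_size_checked(w, h, a, &n) ? "ok" : "rejected");
  if (plane_size_checked(1920, 1080, 32, &n))
    printf("1920x1080 align 32: %zu bytes\n", n);
  return 0;
}
```

A caller that allocates the unchecked result and then writes d_h rows of stride bytes overruns the allocation, which is why the check has to happen before any buffer size or offset is derived.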

Reserved 2024-05-21 | Published 2024-06-05 | Updated 2025-02-13 | Assigner Google


CRITICAL: 10.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Problem types

CWE-20 Improper Input Validation

Product status

Default status
unaffected

1.0.0 before 3.9.0
affected

References

issues.chromium.org/issues/332382766

lists.fedoraproject.org/...6HYUEHZ35ZPY2EONVZCGO6LPT3AMLZCP/

lists.fedoraproject.org/...U5NRNCEYS246CYGOR32MF7OGKWOWER22/

cve.org (CVE-2024-5171)

nvd.nist.gov (CVE-2024-5171)
