Headline
CVE-2021-30473
aom_image.c in libaom in AOMedia before 2021-04-07 frees memory that is not located on the heap.
{
  "commit": "4efe20e99dcd9b6f8eadc8de8acc825be7416578",
  "tree": "2260276f973bda5c28b51ee12e990ac20cab4876",
  "parents": [
    "e15483f6edb8f172c7747ff5d32c294a4bc25f8a"
  ],
  "author": {
    "name": "Wan-Teh Chang",
    "email": "[email protected]",
    "time": "Thu Apr 29 16:26:11 2021 -0700"
  },
  "committer": {
    "name": "Wan-Teh Chang",
    "email": "[email protected]",
    "time": "Sat May 01 00:29:48 2021 +0000"
  },
  "message": "Add a test that reproduces issue 2998\n\nThe bug fix is https://aomedia-review.googlesource.com/c/aom/+/134604.\n\nThe test is adapted from the reproducer test case attached to the bug\nreport.\n\nBUG\u003daomedia:2998\n\nChange-Id: I8c540db10c9f176aa353be5a48b2b925c0a89701\n",
  "tree_diff": [
    {
      "type": "add",
      "old_id": "0000000000000000000000000000000000000000",
      "old_mode": 0,
      "old_path": "/dev/null",
      "new_id": "7ff82d7273b5781ea76e1e66fe6d3d2e8bb41a23",
      "new_mode": 33188,
      "new_path": "test/aom_image_test.cc"
    },
    {
      "type": "modify",
      "old_id": "9d257536a69631e4a0f2c59ff9de7940719db83a",
      "old_mode": 33188,
      "old_path": "test/test.cmake",
      "new_id": "9305d18992f0cff46c59484adcd7a90b8ee331c6",
      "new_mode": 33188,
      "new_path": "test/test.cmake"
    }
  ]
}
Related news
Gentoo Linux Security Advisory 202401-32 - Multiple vulnerabilities have been discovered in libaom, the worst of which can lead to remote code execution. Versions greater than or equal to 3.2.0 are affected.
Ubuntu Security Notice 6447-1 - It was discovered that AOM incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service.
Debian Linux Security Advisory 5490-1 - Multiple security vulnerabilities have been discovered in aom, the AV1 Video Codec Library. Buffer overflows, use-after-free and NULL pointer dereferences may cause a denial of service or other unspecified impact if a malformed multimedia file is processed.