CVE-2023-6879 – heap buffer overflow in libaom
https://notcve.org/view.php?id=CVE-2023-6879
Increasing the resolution of video frames, while performing a multi-threaded encode, can result in a heap overflow in av1_loop_restoration_dealloc(). Aumentar la resolución de los fotogramas de vídeo, mientras se realiza una codificación multiproceso, puede provocar un desbordamiento del montón en av1_loop_restoration_dealloc(). • https://aomedia.googlesource.com/aom/+/refs/tags/v3.7.1 https://crbug.com/aomedia/3491 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AYONA2XSNFMXLAW4IHLFI5UVV3QRNG5K https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D6C2HN4T2S6GYNTAUXLH45LQZHK7QPHP • CWE-20: Improper Input Validation CWE-787: Out-of-bounds Write •
CVE-2023-39616
https://notcve.org/view.php?id=CVE-2023-39616
AOMedia v3.0.0 to v3.5.0 was discovered to contain an invalid read memory access via the component assign_frame_buffer_p in av1/common/av1_common_int.h. Se ha descubierto que AOMedia v3.0.0 a v3.5.0 contiene un acceso no válido a la memoria de lectura a través del componente "assign_frame_buffer_p in av1/common/av1_common_int.h. ". • https://bugs.chromium.org/p/aomedia/issues/detail?id=3372#c3 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2020-36134
https://notcve.org/view.php?id=CVE-2020-36134
AOM v2.0.1 was discovered to contain a segmentation violation via the component aom_dsp/x86/obmc_sad_avx2.c. Se ha detectado que AOM versión v2.0.1, contiene una violación de segmentación por medio del componente aom_dsp/x86/obmc_sad_avx2.c • https://bugs.chromium.org/p/aomedia/issues/detail?id=2914 https://security.gentoo.org/glsa/202401-32 • CWE-125: Out-of-bounds Read •
CVE-2020-36133
https://notcve.org/view.php?id=CVE-2020-36133
AOM v2.0.1 was discovered to contain a global buffer overflow via the component av1/encoder/partition_search.h. Se ha detectado que AOM versión v2.0.1, contiene un desbordamiento de búfer global por medio del componente av1/encoder/partition_search.h • https://bugs.chromium.org/p/aomedia/issues/detail?id=2913&q=&can=1 https://lists.debian.org/debian-lts-announce/2023/09/msg00003.html https://security.gentoo.org/glsa/202401-32 https://www.debian.org/security/2023/dsa-5490 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2020-36130
https://notcve.org/view.php?id=CVE-2020-36130
AOM v2.0.1 was discovered to contain a NULL pointer dereference via the component av1/av1_dx_iface.c. Se ha detectado que AOM versión v2.0.1, contiene una desreferencia de puntero NULL por medio del componente av1/av1_dx_iface.c • https://bugs.chromium.org/p/aomedia/issues/detail?id=2905&q=&can=1 https://lists.debian.org/debian-lts-announce/2023/09/msg00003.html https://security.gentoo.org/glsa/202401-32 https://www.debian.org/security/2023/dsa-5490 • CWE-476: NULL Pointer Dereference •