
Bug#988211: CVE-2021-30473



On Fri, 07 May 2021 21:23:19 +0200 Moritz Muehlenhoff <jmm@debian.org>
wrote:
> Source: aom
> Severity: important
> Tags: security
> X-Debbugs-Cc: Debian Security Team <team@security.debian.org>
> 
> CVE-2021-30473:
> | aom_image.c in libaom in AOMedia before 2021-04-07 frees memory
> that is not located on the heap.
> 
> Unfortunately
> https://bugs.chromium.org/p/aomedia/issues/detail?id=2998 is private,
> but the fix appears to be
> https://aomedia.googlesource.com/aom/+/4efe20e99dcd9b6f8eadc8de8acc825be7416578

Updated reference from Moritz Muehlenhoff:
https://aomedia.googlesource.com/aom/+/d0cac70b542c38accd916f8afd13592d34c48963%5E%21/

This leads to the vulnerable code being accessible from encode and
decode operations via compiled binaries shipped in the aom-tools
package.

/usr/bin/aomenc and /usr/bin/aomdenc

e.g.
https://sources.debian.org/src/aom/1.0.0.errata1-3/apps/aomenc.c/#L2117

I'm happy to work on this as a patch to Salsa, backporting the change
from the upstream version 3.1.1 to the Debian unstable version of
1.1.0.errata1-3

The vulnerable code does exist in 1.1.0.errata1-3, albeit slightly
offset:
https://sources.debian.org/src/aom/1.0.0.errata1-3/aom/src/aom_image.c/#L105

I'll include backported fixes for CVE-2021-303474 and CVE-2021-303475



-- 
Neil Williams
=============
https://linux.codehelp.co.uk/
