jiachao2130/csaf2cusa
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
5cde716b34
csaf2cusa/csaf/advisories/2024/csaf-openEuler-SA-2024-1949.json
Jia Chao 5cde716b34 更新:20240807 
Signed-off-by: Jia Chao <jiac13@chinaunicom.cn>
2024-08-07 09:56:41 +08:00

448 lines
16 KiB
JSON
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{
"document":{
"aggregate_severity":{
"namespace":"https://nvd.nist.gov/vuln-metrics/cvss",
"text":"Critical"
},
"category":"csaf_vex",
"csaf_version":"2.0",
"distribution":{
"tlp":{
"label":"WHITE",
"url":"https:/www.first.org/tlp/"
}
},
"lang":"en",
"notes":[
{
"text":"aom security update",
"category":"general",
"title":"Synopsis"
},
{
"text":"An update for aom is now available for openEuler-24.03-LTS.",
"category":"general",
"title":"Summary"
},
{
"text":"The Alliance for Open Medias focus is to deliver a next-generation video format that is:\n\nSecurity Fix(es):\n\nInteger overflow in libaom internal function img_alloc_helper can lead to heap buffer overflow. This function can be reached via 3 callers:\n\n\n * Calling aom_img_alloc() with a large value of the d_w, d_h, or align parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned aom_image_t struct may be invalid.\n * Calling aom_img_wrap() with a large value of the d_w, d_h, or align parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned aom_image_t struct may be invalid.\n * Calling aom_img_alloc_with_border() with a large value of the d_w, d_h, align, size_align, or border parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned aom_image_t struct may be invalid.(CVE-2024-5171)",
"category":"general",
"title":"Description"
},
{
"text":"An update for aom is now available for openEuler-24.03-LTS.\n\nopenEuler Security has rated this update as having a security impact of critical. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.",
"category":"general",
"title":"Topic"
},
{
"text":"Critical",
"category":"general",
"title":"Severity"
},
{
"text":"aom",
"category":"general",
"title":"Affected Component"
}
],
"publisher":{
"issuing_authority":"openEuler security committee",
"name":"openEuler",
"namespace":"https://www.openeuler.org",
"contact_details":"openeuler-security@openeuler.org",
"category":"vendor"
},
"references":[
{
"summary":"openEuler-SA-2024-1949",
"category":"self",
"url":"https://www.openeuler.org/en/security/security-bulletins/detail?id=openEuler-SA-2024-1949"
},
{
"summary":"CVE-2024-5171",
"category":"self",
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-5171&packageName=aom"
},
{
"summary":"nvd cve",
"category":"external",
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-5171"
},
{
"summary":"openEuler-SA-2024-1949 vex file",
"category":"self",
"url":"https://repo.openeuler.org/security/data/csaf/advisories/2024/csaf-openEuler-SA-2024-1949.json"
}
],
"title":"An update for aom is now available for openEuler-24.03-LTS",
"tracking":{
"initial_release_date":"2024-08-02T19:42:33+08:00",
"revision_history":[
{
"date":"2024-08-02T19:42:33+08:00",
"summary":"Initial",
"number":"1.0.0"
},
{
"date":"2024-08-05T11:31:33+08:00",
"summary":"final",
"number":"2.0.0"
}
],
"generator":{
"date":"2024-08-05T11:31:33+08:00",
"engine":{
"name":"openEuler CSAF Tool V1.0"
}
},
"current_release_date":"2024-08-05T11:31:33+08:00",
"id":"openEuler-SA-2024-1949",
"version":"2.0.0",
"status":"final"
}
},
"product_tree":{
"branches":[
{
"name":"openEuler",
"category":"vendor",
"branches":[
{
"name":"openEuler",
"branches":[
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
},
"product_id":"openEuler-24.03-LTS",
"name":"openEuler-24.03-LTS"
},
"name":"openEuler-24.03-LTS",
"category":"product_version"
}
],
"category":"product_name"
},
{
"name":"aarch64",
"branches":[
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
},
"product_id":"aom-3.8.0-2.oe2403.aarch64.rpm",
"name":"aom-3.8.0-2.oe2403.aarch64.rpm"
},
"name":"aom-3.8.0-2.oe2403.aarch64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
},
"product_id":"aom-debuginfo-3.8.0-2.oe2403.aarch64.rpm",
"name":"aom-debuginfo-3.8.0-2.oe2403.aarch64.rpm"
},
"name":"aom-debuginfo-3.8.0-2.oe2403.aarch64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
},
"product_id":"libaom-devel-3.8.0-2.oe2403.aarch64.rpm",
"name":"libaom-devel-3.8.0-2.oe2403.aarch64.rpm"
},
"name":"libaom-devel-3.8.0-2.oe2403.aarch64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
},
"product_id":"libaom-3.8.0-2.oe2403.aarch64.rpm",
"name":"libaom-3.8.0-2.oe2403.aarch64.rpm"
},
"name":"libaom-3.8.0-2.oe2403.aarch64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
},
"product_id":"aom-debugsource-3.8.0-2.oe2403.aarch64.rpm",
"name":"aom-debugsource-3.8.0-2.oe2403.aarch64.rpm"
},
"name":"aom-debugsource-3.8.0-2.oe2403.aarch64.rpm",
"category":"product_version"
}
],
"category":"product_name"
},
{
"name":"src",
"branches":[
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
},
"product_id":"aom-3.8.0-2.oe2403.src.rpm",
"name":"aom-3.8.0-2.oe2403.src.rpm"
},
"name":"aom-3.8.0-2.oe2403.src.rpm",
"category":"product_version"
}
],
"category":"product_name"
},
{
"name":"x86_64",
"branches":[
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
},
"product_id":"libaom-devel-3.8.0-2.oe2403.x86_64.rpm",
"name":"libaom-devel-3.8.0-2.oe2403.x86_64.rpm"
},
"name":"libaom-devel-3.8.0-2.oe2403.x86_64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
},
"product_id":"aom-debugsource-3.8.0-2.oe2403.x86_64.rpm",
"name":"aom-debugsource-3.8.0-2.oe2403.x86_64.rpm"
},
"name":"aom-debugsource-3.8.0-2.oe2403.x86_64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
},
"product_id":"libaom-3.8.0-2.oe2403.x86_64.rpm",
"name":"libaom-3.8.0-2.oe2403.x86_64.rpm"
},
"name":"libaom-3.8.0-2.oe2403.x86_64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
},
"product_id":"aom-debuginfo-3.8.0-2.oe2403.x86_64.rpm",
"name":"aom-debuginfo-3.8.0-2.oe2403.x86_64.rpm"
},
"name":"aom-debuginfo-3.8.0-2.oe2403.x86_64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
},
"product_id":"aom-3.8.0-2.oe2403.x86_64.rpm",
"name":"aom-3.8.0-2.oe2403.x86_64.rpm"
},
"name":"aom-3.8.0-2.oe2403.x86_64.rpm",
"category":"product_version"
}
],
"category":"product_name"
}
]
}
],
"relationships":[
{
"relates_to_product_reference":"openEuler-24.03-LTS",
"product_reference":"aom-3.8.0-2.oe2403.aarch64.rpm",
"full_product_name":{
"product_id":"openEuler-24.03-LTS:aom-3.8.0-2.oe2403.aarch64",
"name":"aom-3.8.0-2.oe2403.aarch64 as a component of openEuler-24.03-LTS"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-24.03-LTS",
"product_reference":"aom-debuginfo-3.8.0-2.oe2403.aarch64.rpm",
"full_product_name":{
"product_id":"openEuler-24.03-LTS:aom-debuginfo-3.8.0-2.oe2403.aarch64",
"name":"aom-debuginfo-3.8.0-2.oe2403.aarch64 as a component of openEuler-24.03-LTS"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-24.03-LTS",
"product_reference":"libaom-devel-3.8.0-2.oe2403.aarch64.rpm",
"full_product_name":{
"product_id":"openEuler-24.03-LTS:libaom-devel-3.8.0-2.oe2403.aarch64",
"name":"libaom-devel-3.8.0-2.oe2403.aarch64 as a component of openEuler-24.03-LTS"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-24.03-LTS",
"product_reference":"libaom-3.8.0-2.oe2403.aarch64.rpm",
"full_product_name":{
"product_id":"openEuler-24.03-LTS:libaom-3.8.0-2.oe2403.aarch64",
"name":"libaom-3.8.0-2.oe2403.aarch64 as a component of openEuler-24.03-LTS"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-24.03-LTS",
"product_reference":"aom-debugsource-3.8.0-2.oe2403.aarch64.rpm",
"full_product_name":{
"product_id":"openEuler-24.03-LTS:aom-debugsource-3.8.0-2.oe2403.aarch64",
"name":"aom-debugsource-3.8.0-2.oe2403.aarch64 as a component of openEuler-24.03-LTS"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-24.03-LTS",
"product_reference":"aom-3.8.0-2.oe2403.src.rpm",
"full_product_name":{
"product_id":"openEuler-24.03-LTS:aom-3.8.0-2.oe2403.src",
"name":"aom-3.8.0-2.oe2403.src as a component of openEuler-24.03-LTS"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-24.03-LTS",
"product_reference":"libaom-devel-3.8.0-2.oe2403.x86_64.rpm",
"full_product_name":{
"product_id":"openEuler-24.03-LTS:libaom-devel-3.8.0-2.oe2403.x86_64",
"name":"libaom-devel-3.8.0-2.oe2403.x86_64 as a component of openEuler-24.03-LTS"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-24.03-LTS",
"product_reference":"aom-debugsource-3.8.0-2.oe2403.x86_64.rpm",
"full_product_name":{
"product_id":"openEuler-24.03-LTS:aom-debugsource-3.8.0-2.oe2403.x86_64",
"name":"aom-debugsource-3.8.0-2.oe2403.x86_64 as a component of openEuler-24.03-LTS"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-24.03-LTS",
"product_reference":"libaom-3.8.0-2.oe2403.x86_64.rpm",
"full_product_name":{
"product_id":"openEuler-24.03-LTS:libaom-3.8.0-2.oe2403.x86_64",
"name":"libaom-3.8.0-2.oe2403.x86_64 as a component of openEuler-24.03-LTS"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-24.03-LTS",
"product_reference":"aom-debuginfo-3.8.0-2.oe2403.x86_64.rpm",
"full_product_name":{
"product_id":"openEuler-24.03-LTS:aom-debuginfo-3.8.0-2.oe2403.x86_64",
"name":"aom-debuginfo-3.8.0-2.oe2403.x86_64 as a component of openEuler-24.03-LTS"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-24.03-LTS",
"product_reference":"aom-3.8.0-2.oe2403.x86_64.rpm",
"full_product_name":{
"product_id":"openEuler-24.03-LTS:aom-3.8.0-2.oe2403.x86_64",
"name":"aom-3.8.0-2.oe2403.x86_64 as a component of openEuler-24.03-LTS"
},
"category":"default_component_of"
}
]
},
"vulnerabilities":[
{
"cve":"CVE-2024-5171",
"notes":[
{
"text":"Integer overflow in libaom internal function img_alloc_helper can lead to heap buffer overflow. This function can be reached via 3 callers:\n\n\n * Calling aom_img_alloc() with a large value of the d_w, d_h, or align parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned aom_image_t struct may be invalid.\n * Calling aom_img_wrap() with a large value of the d_w, d_h, or align parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned aom_image_t struct may be invalid.\n * Calling aom_img_alloc_with_border() with a large value of the d_w, d_h, align, size_align, or border parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned aom_image_t struct may be invalid.",
"category":"description",
"title":"Vulnerability Description"
}
],
"product_status":{
"fixed":[
"openEuler-24.03-LTS:aom-3.8.0-2.oe2403.aarch64",
"openEuler-24.03-LTS:aom-debuginfo-3.8.0-2.oe2403.aarch64",
"openEuler-24.03-LTS:libaom-devel-3.8.0-2.oe2403.aarch64",
"openEuler-24.03-LTS:libaom-3.8.0-2.oe2403.aarch64",
"openEuler-24.03-LTS:aom-debugsource-3.8.0-2.oe2403.aarch64",
"openEuler-24.03-LTS:aom-3.8.0-2.oe2403.src",
"openEuler-24.03-LTS:libaom-devel-3.8.0-2.oe2403.x86_64",
"openEuler-24.03-LTS:aom-debugsource-3.8.0-2.oe2403.x86_64",
"openEuler-24.03-LTS:libaom-3.8.0-2.oe2403.x86_64",
"openEuler-24.03-LTS:aom-debuginfo-3.8.0-2.oe2403.x86_64",
"openEuler-24.03-LTS:aom-3.8.0-2.oe2403.x86_64"
]
},
"remediations":[
{
"product_ids":[
"openEuler-24.03-LTS:aom-3.8.0-2.oe2403.aarch64",
"openEuler-24.03-LTS:aom-debuginfo-3.8.0-2.oe2403.aarch64",
"openEuler-24.03-LTS:libaom-devel-3.8.0-2.oe2403.aarch64",
"openEuler-24.03-LTS:libaom-3.8.0-2.oe2403.aarch64",
"openEuler-24.03-LTS:aom-debugsource-3.8.0-2.oe2403.aarch64",
"openEuler-24.03-LTS:aom-3.8.0-2.oe2403.src",
"openEuler-24.03-LTS:libaom-devel-3.8.0-2.oe2403.x86_64",
"openEuler-24.03-LTS:aom-debugsource-3.8.0-2.oe2403.x86_64",
"openEuler-24.03-LTS:libaom-3.8.0-2.oe2403.x86_64",
"openEuler-24.03-LTS:aom-debuginfo-3.8.0-2.oe2403.x86_64",
"openEuler-24.03-LTS:aom-3.8.0-2.oe2403.x86_64"
],
"details":"aom security update",
"category":"vendor_fix",
"url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1949"
}
],
"scores":[
{
"cvss_v3":{
"baseSeverity":"CRITICAL",
"baseScore":9.8,
"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version":"3.1"
},
"products":[
"openEuler-24.03-LTS:aom-3.8.0-2.oe2403.aarch64",
"openEuler-24.03-LTS:aom-debuginfo-3.8.0-2.oe2403.aarch64",
"openEuler-24.03-LTS:libaom-devel-3.8.0-2.oe2403.aarch64",
"openEuler-24.03-LTS:libaom-3.8.0-2.oe2403.aarch64",
"openEuler-24.03-LTS:aom-debugsource-3.8.0-2.oe2403.aarch64",
"openEuler-24.03-LTS:aom-3.8.0-2.oe2403.src",
"openEuler-24.03-LTS:libaom-devel-3.8.0-2.oe2403.x86_64",
"openEuler-24.03-LTS:aom-debugsource-3.8.0-2.oe2403.x86_64",
"openEuler-24.03-LTS:libaom-3.8.0-2.oe2403.x86_64",
"openEuler-24.03-LTS:aom-debuginfo-3.8.0-2.oe2403.x86_64",
"openEuler-24.03-LTS:aom-3.8.0-2.oe2403.x86_64"
]
}
],
"threats":[
{
"details":"Critical",
"category":"impact"
}
],
"title":"CVE-2024-5171"
}
]
}
Reference in New Issue View Git Blame Copy Permalink