448 lines
16 KiB
JSON
448 lines
16 KiB
JSON
{
|
||
"document":{
|
||
"aggregate_severity":{
|
||
"namespace":"https://nvd.nist.gov/vuln-metrics/cvss",
|
||
"text":"Critical"
|
||
},
|
||
"category":"csaf_vex",
|
||
"csaf_version":"2.0",
|
||
"distribution":{
|
||
"tlp":{
|
||
"label":"WHITE",
|
||
"url":"https:/www.first.org/tlp/"
|
||
}
|
||
},
|
||
"lang":"en",
|
||
"notes":[
|
||
{
|
||
"text":"aom security update",
|
||
"category":"general",
|
||
"title":"Synopsis"
|
||
},
|
||
{
|
||
"text":"An update for aom is now available for openEuler-24.03-LTS.",
|
||
"category":"general",
|
||
"title":"Summary"
|
||
},
|
||
{
|
||
"text":"The Alliance for Open Media’s focus is to deliver a next-generation video format that is:\n\nSecurity Fix(es):\n\nInteger overflow in libaom internal function img_alloc_helper can lead to heap buffer overflow. This function can be reached via 3 callers:\n\n\n * Calling aom_img_alloc() with a large value of the d_w, d_h, or align parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned aom_image_t struct may be invalid.\n * Calling aom_img_wrap() with a large value of the d_w, d_h, or align parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned aom_image_t struct may be invalid.\n * Calling aom_img_alloc_with_border() with a large value of the d_w, d_h, align, size_align, or border parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned aom_image_t struct may be invalid.(CVE-2024-5171)",
|
||
"category":"general",
|
||
"title":"Description"
|
||
},
|
||
{
|
||
"text":"An update for aom is now available for openEuler-24.03-LTS.\n\nopenEuler Security has rated this update as having a security impact of critical. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.",
|
||
"category":"general",
|
||
"title":"Topic"
|
||
},
|
||
{
|
||
"text":"Critical",
|
||
"category":"general",
|
||
"title":"Severity"
|
||
},
|
||
{
|
||
"text":"aom",
|
||
"category":"general",
|
||
"title":"Affected Component"
|
||
}
|
||
],
|
||
"publisher":{
|
||
"issuing_authority":"openEuler security committee",
|
||
"name":"openEuler",
|
||
"namespace":"https://www.openeuler.org",
|
||
"contact_details":"openeuler-security@openeuler.org",
|
||
"category":"vendor"
|
||
},
|
||
"references":[
|
||
{
|
||
"summary":"openEuler-SA-2024-1949",
|
||
"category":"self",
|
||
"url":"https://www.openeuler.org/en/security/security-bulletins/detail?id=openEuler-SA-2024-1949"
|
||
},
|
||
{
|
||
"summary":"CVE-2024-5171",
|
||
"category":"self",
|
||
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-5171&packageName=aom"
|
||
},
|
||
{
|
||
"summary":"nvd cve",
|
||
"category":"external",
|
||
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-5171"
|
||
},
|
||
{
|
||
"summary":"openEuler-SA-2024-1949 vex file",
|
||
"category":"self",
|
||
"url":"https://repo.openeuler.org/security/data/csaf/advisories/2024/csaf-openEuler-SA-2024-1949.json"
|
||
}
|
||
],
|
||
"title":"An update for aom is now available for openEuler-24.03-LTS",
|
||
"tracking":{
|
||
"initial_release_date":"2024-08-02T19:42:33+08:00",
|
||
"revision_history":[
|
||
{
|
||
"date":"2024-08-02T19:42:33+08:00",
|
||
"summary":"Initial",
|
||
"number":"1.0.0"
|
||
},
|
||
{
|
||
"date":"2024-08-05T11:31:33+08:00",
|
||
"summary":"final",
|
||
"number":"2.0.0"
|
||
}
|
||
],
|
||
"generator":{
|
||
"date":"2024-08-05T11:31:33+08:00",
|
||
"engine":{
|
||
"name":"openEuler CSAF Tool V1.0"
|
||
}
|
||
},
|
||
"current_release_date":"2024-08-05T11:31:33+08:00",
|
||
"id":"openEuler-SA-2024-1949",
|
||
"version":"2.0.0",
|
||
"status":"final"
|
||
}
|
||
},
|
||
"product_tree":{
|
||
"branches":[
|
||
{
|
||
"name":"openEuler",
|
||
"category":"vendor",
|
||
"branches":[
|
||
{
|
||
"name":"openEuler",
|
||
"branches":[
|
||
{
|
||
"product":{
|
||
"product_identification_helper":{
|
||
"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
|
||
},
|
||
"product_id":"openEuler-24.03-LTS",
|
||
"name":"openEuler-24.03-LTS"
|
||
},
|
||
"name":"openEuler-24.03-LTS",
|
||
"category":"product_version"
|
||
}
|
||
],
|
||
"category":"product_name"
|
||
},
|
||
{
|
||
"name":"aarch64",
|
||
"branches":[
|
||
{
|
||
"product":{
|
||
"product_identification_helper":{
|
||
"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
|
||
},
|
||
"product_id":"aom-3.8.0-2.oe2403.aarch64.rpm",
|
||
"name":"aom-3.8.0-2.oe2403.aarch64.rpm"
|
||
},
|
||
"name":"aom-3.8.0-2.oe2403.aarch64.rpm",
|
||
"category":"product_version"
|
||
},
|
||
{
|
||
"product":{
|
||
"product_identification_helper":{
|
||
"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
|
||
},
|
||
"product_id":"aom-debuginfo-3.8.0-2.oe2403.aarch64.rpm",
|
||
"name":"aom-debuginfo-3.8.0-2.oe2403.aarch64.rpm"
|
||
},
|
||
"name":"aom-debuginfo-3.8.0-2.oe2403.aarch64.rpm",
|
||
"category":"product_version"
|
||
},
|
||
{
|
||
"product":{
|
||
"product_identification_helper":{
|
||
"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
|
||
},
|
||
"product_id":"libaom-devel-3.8.0-2.oe2403.aarch64.rpm",
|
||
"name":"libaom-devel-3.8.0-2.oe2403.aarch64.rpm"
|
||
},
|
||
"name":"libaom-devel-3.8.0-2.oe2403.aarch64.rpm",
|
||
"category":"product_version"
|
||
},
|
||
{
|
||
"product":{
|
||
"product_identification_helper":{
|
||
"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
|
||
},
|
||
"product_id":"libaom-3.8.0-2.oe2403.aarch64.rpm",
|
||
"name":"libaom-3.8.0-2.oe2403.aarch64.rpm"
|
||
},
|
||
"name":"libaom-3.8.0-2.oe2403.aarch64.rpm",
|
||
"category":"product_version"
|
||
},
|
||
{
|
||
"product":{
|
||
"product_identification_helper":{
|
||
"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
|
||
},
|
||
"product_id":"aom-debugsource-3.8.0-2.oe2403.aarch64.rpm",
|
||
"name":"aom-debugsource-3.8.0-2.oe2403.aarch64.rpm"
|
||
},
|
||
"name":"aom-debugsource-3.8.0-2.oe2403.aarch64.rpm",
|
||
"category":"product_version"
|
||
}
|
||
],
|
||
"category":"product_name"
|
||
},
|
||
{
|
||
"name":"src",
|
||
"branches":[
|
||
{
|
||
"product":{
|
||
"product_identification_helper":{
|
||
"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
|
||
},
|
||
"product_id":"aom-3.8.0-2.oe2403.src.rpm",
|
||
"name":"aom-3.8.0-2.oe2403.src.rpm"
|
||
},
|
||
"name":"aom-3.8.0-2.oe2403.src.rpm",
|
||
"category":"product_version"
|
||
}
|
||
],
|
||
"category":"product_name"
|
||
},
|
||
{
|
||
"name":"x86_64",
|
||
"branches":[
|
||
{
|
||
"product":{
|
||
"product_identification_helper":{
|
||
"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
|
||
},
|
||
"product_id":"libaom-devel-3.8.0-2.oe2403.x86_64.rpm",
|
||
"name":"libaom-devel-3.8.0-2.oe2403.x86_64.rpm"
|
||
},
|
||
"name":"libaom-devel-3.8.0-2.oe2403.x86_64.rpm",
|
||
"category":"product_version"
|
||
},
|
||
{
|
||
"product":{
|
||
"product_identification_helper":{
|
||
"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
|
||
},
|
||
"product_id":"aom-debugsource-3.8.0-2.oe2403.x86_64.rpm",
|
||
"name":"aom-debugsource-3.8.0-2.oe2403.x86_64.rpm"
|
||
},
|
||
"name":"aom-debugsource-3.8.0-2.oe2403.x86_64.rpm",
|
||
"category":"product_version"
|
||
},
|
||
{
|
||
"product":{
|
||
"product_identification_helper":{
|
||
"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
|
||
},
|
||
"product_id":"libaom-3.8.0-2.oe2403.x86_64.rpm",
|
||
"name":"libaom-3.8.0-2.oe2403.x86_64.rpm"
|
||
},
|
||
"name":"libaom-3.8.0-2.oe2403.x86_64.rpm",
|
||
"category":"product_version"
|
||
},
|
||
{
|
||
"product":{
|
||
"product_identification_helper":{
|
||
"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
|
||
},
|
||
"product_id":"aom-debuginfo-3.8.0-2.oe2403.x86_64.rpm",
|
||
"name":"aom-debuginfo-3.8.0-2.oe2403.x86_64.rpm"
|
||
},
|
||
"name":"aom-debuginfo-3.8.0-2.oe2403.x86_64.rpm",
|
||
"category":"product_version"
|
||
},
|
||
{
|
||
"product":{
|
||
"product_identification_helper":{
|
||
"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
|
||
},
|
||
"product_id":"aom-3.8.0-2.oe2403.x86_64.rpm",
|
||
"name":"aom-3.8.0-2.oe2403.x86_64.rpm"
|
||
},
|
||
"name":"aom-3.8.0-2.oe2403.x86_64.rpm",
|
||
"category":"product_version"
|
||
}
|
||
],
|
||
"category":"product_name"
|
||
}
|
||
]
|
||
}
|
||
],
|
||
"relationships":[
|
||
{
|
||
"relates_to_product_reference":"openEuler-24.03-LTS",
|
||
"product_reference":"aom-3.8.0-2.oe2403.aarch64.rpm",
|
||
"full_product_name":{
|
||
"product_id":"openEuler-24.03-LTS:aom-3.8.0-2.oe2403.aarch64",
|
||
"name":"aom-3.8.0-2.oe2403.aarch64 as a component of openEuler-24.03-LTS"
|
||
},
|
||
"category":"default_component_of"
|
||
},
|
||
{
|
||
"relates_to_product_reference":"openEuler-24.03-LTS",
|
||
"product_reference":"aom-debuginfo-3.8.0-2.oe2403.aarch64.rpm",
|
||
"full_product_name":{
|
||
"product_id":"openEuler-24.03-LTS:aom-debuginfo-3.8.0-2.oe2403.aarch64",
|
||
"name":"aom-debuginfo-3.8.0-2.oe2403.aarch64 as a component of openEuler-24.03-LTS"
|
||
},
|
||
"category":"default_component_of"
|
||
},
|
||
{
|
||
"relates_to_product_reference":"openEuler-24.03-LTS",
|
||
"product_reference":"libaom-devel-3.8.0-2.oe2403.aarch64.rpm",
|
||
"full_product_name":{
|
||
"product_id":"openEuler-24.03-LTS:libaom-devel-3.8.0-2.oe2403.aarch64",
|
||
"name":"libaom-devel-3.8.0-2.oe2403.aarch64 as a component of openEuler-24.03-LTS"
|
||
},
|
||
"category":"default_component_of"
|
||
},
|
||
{
|
||
"relates_to_product_reference":"openEuler-24.03-LTS",
|
||
"product_reference":"libaom-3.8.0-2.oe2403.aarch64.rpm",
|
||
"full_product_name":{
|
||
"product_id":"openEuler-24.03-LTS:libaom-3.8.0-2.oe2403.aarch64",
|
||
"name":"libaom-3.8.0-2.oe2403.aarch64 as a component of openEuler-24.03-LTS"
|
||
},
|
||
"category":"default_component_of"
|
||
},
|
||
{
|
||
"relates_to_product_reference":"openEuler-24.03-LTS",
|
||
"product_reference":"aom-debugsource-3.8.0-2.oe2403.aarch64.rpm",
|
||
"full_product_name":{
|
||
"product_id":"openEuler-24.03-LTS:aom-debugsource-3.8.0-2.oe2403.aarch64",
|
||
"name":"aom-debugsource-3.8.0-2.oe2403.aarch64 as a component of openEuler-24.03-LTS"
|
||
},
|
||
"category":"default_component_of"
|
||
},
|
||
{
|
||
"relates_to_product_reference":"openEuler-24.03-LTS",
|
||
"product_reference":"aom-3.8.0-2.oe2403.src.rpm",
|
||
"full_product_name":{
|
||
"product_id":"openEuler-24.03-LTS:aom-3.8.0-2.oe2403.src",
|
||
"name":"aom-3.8.0-2.oe2403.src as a component of openEuler-24.03-LTS"
|
||
},
|
||
"category":"default_component_of"
|
||
},
|
||
{
|
||
"relates_to_product_reference":"openEuler-24.03-LTS",
|
||
"product_reference":"libaom-devel-3.8.0-2.oe2403.x86_64.rpm",
|
||
"full_product_name":{
|
||
"product_id":"openEuler-24.03-LTS:libaom-devel-3.8.0-2.oe2403.x86_64",
|
||
"name":"libaom-devel-3.8.0-2.oe2403.x86_64 as a component of openEuler-24.03-LTS"
|
||
},
|
||
"category":"default_component_of"
|
||
},
|
||
{
|
||
"relates_to_product_reference":"openEuler-24.03-LTS",
|
||
"product_reference":"aom-debugsource-3.8.0-2.oe2403.x86_64.rpm",
|
||
"full_product_name":{
|
||
"product_id":"openEuler-24.03-LTS:aom-debugsource-3.8.0-2.oe2403.x86_64",
|
||
"name":"aom-debugsource-3.8.0-2.oe2403.x86_64 as a component of openEuler-24.03-LTS"
|
||
},
|
||
"category":"default_component_of"
|
||
},
|
||
{
|
||
"relates_to_product_reference":"openEuler-24.03-LTS",
|
||
"product_reference":"libaom-3.8.0-2.oe2403.x86_64.rpm",
|
||
"full_product_name":{
|
||
"product_id":"openEuler-24.03-LTS:libaom-3.8.0-2.oe2403.x86_64",
|
||
"name":"libaom-3.8.0-2.oe2403.x86_64 as a component of openEuler-24.03-LTS"
|
||
},
|
||
"category":"default_component_of"
|
||
},
|
||
{
|
||
"relates_to_product_reference":"openEuler-24.03-LTS",
|
||
"product_reference":"aom-debuginfo-3.8.0-2.oe2403.x86_64.rpm",
|
||
"full_product_name":{
|
||
"product_id":"openEuler-24.03-LTS:aom-debuginfo-3.8.0-2.oe2403.x86_64",
|
||
"name":"aom-debuginfo-3.8.0-2.oe2403.x86_64 as a component of openEuler-24.03-LTS"
|
||
},
|
||
"category":"default_component_of"
|
||
},
|
||
{
|
||
"relates_to_product_reference":"openEuler-24.03-LTS",
|
||
"product_reference":"aom-3.8.0-2.oe2403.x86_64.rpm",
|
||
"full_product_name":{
|
||
"product_id":"openEuler-24.03-LTS:aom-3.8.0-2.oe2403.x86_64",
|
||
"name":"aom-3.8.0-2.oe2403.x86_64 as a component of openEuler-24.03-LTS"
|
||
},
|
||
"category":"default_component_of"
|
||
}
|
||
]
|
||
},
|
||
"vulnerabilities":[
|
||
{
|
||
"cve":"CVE-2024-5171",
|
||
"notes":[
|
||
{
|
||
"text":"Integer overflow in libaom internal function img_alloc_helper can lead to heap buffer overflow. This function can be reached via 3 callers:\n\n\n * Calling aom_img_alloc() with a large value of the d_w, d_h, or align parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned aom_image_t struct may be invalid.\n * Calling aom_img_wrap() with a large value of the d_w, d_h, or align parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned aom_image_t struct may be invalid.\n * Calling aom_img_alloc_with_border() with a large value of the d_w, d_h, align, size_align, or border parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned aom_image_t struct may be invalid.",
|
||
"category":"description",
|
||
"title":"Vulnerability Description"
|
||
}
|
||
],
|
||
"product_status":{
|
||
"fixed":[
|
||
"openEuler-24.03-LTS:aom-3.8.0-2.oe2403.aarch64",
|
||
"openEuler-24.03-LTS:aom-debuginfo-3.8.0-2.oe2403.aarch64",
|
||
"openEuler-24.03-LTS:libaom-devel-3.8.0-2.oe2403.aarch64",
|
||
"openEuler-24.03-LTS:libaom-3.8.0-2.oe2403.aarch64",
|
||
"openEuler-24.03-LTS:aom-debugsource-3.8.0-2.oe2403.aarch64",
|
||
"openEuler-24.03-LTS:aom-3.8.0-2.oe2403.src",
|
||
"openEuler-24.03-LTS:libaom-devel-3.8.0-2.oe2403.x86_64",
|
||
"openEuler-24.03-LTS:aom-debugsource-3.8.0-2.oe2403.x86_64",
|
||
"openEuler-24.03-LTS:libaom-3.8.0-2.oe2403.x86_64",
|
||
"openEuler-24.03-LTS:aom-debuginfo-3.8.0-2.oe2403.x86_64",
|
||
"openEuler-24.03-LTS:aom-3.8.0-2.oe2403.x86_64"
|
||
]
|
||
},
|
||
"remediations":[
|
||
{
|
||
"product_ids":[
|
||
"openEuler-24.03-LTS:aom-3.8.0-2.oe2403.aarch64",
|
||
"openEuler-24.03-LTS:aom-debuginfo-3.8.0-2.oe2403.aarch64",
|
||
"openEuler-24.03-LTS:libaom-devel-3.8.0-2.oe2403.aarch64",
|
||
"openEuler-24.03-LTS:libaom-3.8.0-2.oe2403.aarch64",
|
||
"openEuler-24.03-LTS:aom-debugsource-3.8.0-2.oe2403.aarch64",
|
||
"openEuler-24.03-LTS:aom-3.8.0-2.oe2403.src",
|
||
"openEuler-24.03-LTS:libaom-devel-3.8.0-2.oe2403.x86_64",
|
||
"openEuler-24.03-LTS:aom-debugsource-3.8.0-2.oe2403.x86_64",
|
||
"openEuler-24.03-LTS:libaom-3.8.0-2.oe2403.x86_64",
|
||
"openEuler-24.03-LTS:aom-debuginfo-3.8.0-2.oe2403.x86_64",
|
||
"openEuler-24.03-LTS:aom-3.8.0-2.oe2403.x86_64"
|
||
],
|
||
"details":"aom security update",
|
||
"category":"vendor_fix",
|
||
"url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1949"
|
||
}
|
||
],
|
||
"scores":[
|
||
{
|
||
"cvss_v3":{
|
||
"baseSeverity":"CRITICAL",
|
||
"baseScore":9.8,
|
||
"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
|
||
"version":"3.1"
|
||
},
|
||
"products":[
|
||
"openEuler-24.03-LTS:aom-3.8.0-2.oe2403.aarch64",
|
||
"openEuler-24.03-LTS:aom-debuginfo-3.8.0-2.oe2403.aarch64",
|
||
"openEuler-24.03-LTS:libaom-devel-3.8.0-2.oe2403.aarch64",
|
||
"openEuler-24.03-LTS:libaom-3.8.0-2.oe2403.aarch64",
|
||
"openEuler-24.03-LTS:aom-debugsource-3.8.0-2.oe2403.aarch64",
|
||
"openEuler-24.03-LTS:aom-3.8.0-2.oe2403.src",
|
||
"openEuler-24.03-LTS:libaom-devel-3.8.0-2.oe2403.x86_64",
|
||
"openEuler-24.03-LTS:aom-debugsource-3.8.0-2.oe2403.x86_64",
|
||
"openEuler-24.03-LTS:libaom-3.8.0-2.oe2403.x86_64",
|
||
"openEuler-24.03-LTS:aom-debuginfo-3.8.0-2.oe2403.x86_64",
|
||
"openEuler-24.03-LTS:aom-3.8.0-2.oe2403.x86_64"
|
||
]
|
||
}
|
||
],
|
||
"threats":[
|
||
{
|
||
"details":"Critical",
|
||
"category":"impact"
|
||
}
|
||
],
|
||
"title":"CVE-2024-5171"
|
||
}
|
||
]
|
||
} |