{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2024-5197", "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778", "state": "PUBLISHED", "assignerShortName": "Google", "dateReserved": "2024-05-22T09:42:54.906Z", "datePublished": "2024-06-03T13:30:26.925Z", "dateUpdated": "2024-08-01T21:03:11.058Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://chromium.googlesource.com/webm/", "defaultStatus": "unaffected", "packageName": "libvpx", "product": "libvpx", "programFiles": ["https://chromium.googlesource.com/webm/libvpx/+/refs/heads/main/vpx/src/vpx_image.c"], "programRoutines": [{"name": "vpx_img_alloc()"}, {"name": "vpx_img_wrap()"}], "repo": "https://chromium.googlesource.com", "vendor": "Chromium", "versions": [{"lessThan": "1.14.1", "status": "affected", "version": "0", "versionType": "semver"}]}], "datePublic": "2024-04-02T10:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "There exists interger overflows in libvpx in versions prior to 1.14.1.&nbsp;<span style=\"background-color: var(--wht);\">Calling </span><code>vpx_img_alloc()</code><span style=\"background-color: var(--wht);\">&nbsp;with a large value of the </span><code>d_w</code><span style=\"background-color: var(--wht);\">, </span><code>d_h</code><span style=\"background-color: var(--wht);\">, or </span><code>align</code><span style=\"background-color: var(--wht);\">&nbsp;parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned </span><code>vpx_image_t</code><span style=\"background-color: var(--wht);\">&nbsp;struct may be invalid.&nbsp;</span><span style=\"background-color: var(--wht);\">Calling </span><code>vpx_img_wrap()</code><span style=\"background-color: var(--wht);\">&nbsp;with a large value of the </span><code>d_w</code><span style=\"background-color: var(--wht);\">, </span><code>d_h</code><span style=\"background-color: var(--wht);\">, or </span><code>stride_align</code><span style=\"background-color: var(--wht);\">&nbsp;parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned </span><code>vpx_image_t</code><span style=\"background-color: var(--wht);\">&nbsp;struct may be invalid. We recommend upgrading to version 1.14.1 or beyond</span><span style=\"background-color: var(--wht);\"><br></span><br><br>"}], "value": "There exists interger overflows in libvpx in versions prior to 1.14.1.\u00a0Calling vpx_img_alloc()\u00a0with a large value of the d_w, d_h, or align\u00a0parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned vpx_image_t\u00a0struct may be invalid.\u00a0Calling vpx_img_wrap()\u00a0with a large value of the d_w, d_h, or stride_align\u00a0parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned vpx_image_t\u00a0struct may be invalid. We recommend upgrading to version 1.14.1 or beyond"}], "impacts": [{"capecId": "CAPEC-100", "descriptions": [{"lang": "en", "value": "CAPEC-100 Overflow Buffers"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "baseScore": 5.9, "baseSeverity": "MEDIUM", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:P/VC:L/VI:H/VA:N/SC:L/SI:L/SA:N", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-190", "description": "CWE-190 Integer Overflow or Wraparound", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "14ed7db2-1595-443d-9d34-6215bf890778", "shortName": "Google", "dateUpdated": "2024-06-03T13:30:26.925Z"}, "references": [{"url": "https://g-issues.chromium.org/issues/332382766"}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00005.html"}], "source": {"discovery": "UNKNOWN"}, "title": "Integer overflow in libvpx", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-5197", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-03T17:27:56.300102Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:chromium:libvpx:*:*:*:*:*:*:*:*"], "vendor": "chromium", "product": "libvpx", "versions": [{"status": "affected", "version": "0", "lessThan": "1.14.1", "versionType": "semver"}], "defaultStatus": "unaffected"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T18:02:28.171Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T21:03:11.058Z"}, "title": "CVE Program Container", "references": [{"url": "https://g-issues.chromium.org/issues/332382766", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00005.html", "tags": ["x_transferred"]}]}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://g-issues.chromium.org/issues/332382766", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00005.html", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T21:03:11.058Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-5197", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-03T17:27:56.300102Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:chromium:libvpx:*:*:*:*:*:*:*:*"], "vendor": "chromium", "product": "libvpx", "versions": [{"status": "affected", "version": "0", "lessThan": "1.14.1", "versionType": "semver"}], "defaultStatus": "unaffected"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-03T17:29:40.709Z"}}], "cna": {"title": "Integer overflow in libvpx", "source": {"discovery": "UNKNOWN"}, "impacts": [{"capecId": "CAPEC-100", "descriptions": [{"lang": "en", "value": "CAPEC-100 Overflow Buffers"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 5.9, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:P/VC:L/VI:H/VA:N/SC:L/SI:L/SA:N", "providerUrgency": "NOT_DEFINED", "userInteraction": "PASSIVE", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "privilegesRequired": "LOW", "subIntegrityImpact": "LOW", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"repo": "https://chromium.googlesource.com", "vendor": "Chromium", "product": "libvpx", "versions": [{"status": "affected", "version": "0", "lessThan": "1.14.1", "versionType": "semver"}], "packageName": "libvpx", "programFiles": ["https://chromium.googlesource.com/webm/libvpx/+/refs/heads/main/vpx/src/vpx_image.c"], "collectionURL": "https://chromium.googlesource.com/webm/", "defaultStatus": "unaffected", "programRoutines": [{"name": "vpx_img_alloc()"}, {"name": "vpx_img_wrap()"}]}], "datePublic": "2024-04-02T10:00:00.000Z", "references": [{"url": "https://g-issues.chromium.org/issues/332382766"}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00005.html"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "There exists interger overflows in libvpx in versions prior to 1.14.1.\u00a0Calling vpx_img_alloc()\u00a0with a large value of the d_w, d_h, or align\u00a0parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned vpx_image_t\u00a0struct may be invalid.\u00a0Calling vpx_img_wrap()\u00a0with a large value of the d_w, d_h, or stride_align\u00a0parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned vpx_image_t\u00a0struct may be invalid. We recommend upgrading to version 1.14.1 or beyond", "supportingMedia": [{"type": "text/html", "value": "There exists interger overflows in libvpx in versions prior to 1.14.1.&nbsp;<span style=\"background-color: var(--wht);\">Calling </span><code>vpx_img_alloc()</code><span style=\"background-color: var(--wht);\">&nbsp;with a large value of the </span><code>d_w</code><span style=\"background-color: var(--wht);\">, </span><code>d_h</code><span style=\"background-color: var(--wht);\">, or </span><code>align</code><span style=\"background-color: var(--wht);\">&nbsp;parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned </span><code>vpx_image_t</code><span style=\"background-color: var(--wht);\">&nbsp;struct may be invalid.&nbsp;</span><span style=\"background-color: var(--wht);\">Calling </span><code>vpx_img_wrap()</code><span style=\"background-color: var(--wht);\">&nbsp;with a large value of the </span><code>d_w</code><span style=\"background-color: var(--wht);\">, </span><code>d_h</code><span style=\"background-color: var(--wht);\">, or </span><code>stride_align</code><span style=\"background-color: var(--wht);\">&nbsp;parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned </span><code>vpx_image_t</code><span style=\"background-color: var(--wht);\">&nbsp;struct may be invalid. We recommend upgrading to version 1.14.1 or beyond</span><span style=\"background-color: var(--wht);\"><br></span><br><br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-190", "description": "CWE-190 Integer Overflow or Wraparound"}]}], "providerMetadata": {"orgId": "14ed7db2-1595-443d-9d34-6215bf890778", "shortName": "Google", "dateUpdated": "2024-06-03T13:30:26.925Z"}}}, "cveMetadata": {"cveId": "CVE-2024-5197", "state": "PUBLISHED", "dateUpdated": "2024-08-01T21:03:11.058Z", "dateReserved": "2024-05-22T09:42:54.906Z", "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778", "datePublished": "2024-06-03T13:30:26.925Z", "assignerShortName": "Google"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "There exists interger overflows in libvpx in versions prior to 1.14.1.\u00a0Calling vpx_img_alloc()\u00a0with a large value of the d_w, d_h, or align\u00a0parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned vpx_image_t\u00a0struct may be invalid.\u00a0Calling vpx_img_wrap()\u00a0with a large value of the d_w, d_h, or stride_align\u00a0parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned vpx_image_t\u00a0struct may be invalid. We recommend upgrading to version 1.14.1 or beyond"}, {"lang": "es", "value": "Existen desbordamientos de enteros en libvpx en versiones anteriores a la 1.14.1. Llamar a vpx_img_alloc() con un valor grande del par\u00e1metro d_w, d_h o align puede provocar desbordamientos de enteros en los c\u00e1lculos de tama\u00f1os y compensaciones del b\u00fafer y algunos campos de la estructura vpx_image_t devuelta pueden no ser v\u00e1lidos. Llamar a vpx_img_wrap() con un valor grande del par\u00e1metro d_w, d_h o stride_align puede provocar desbordamientos de enteros en los c\u00e1lculos de tama\u00f1os y compensaciones del b\u00fafer y algunos campos de la estructura vpx_image_t devuelta pueden no ser v\u00e1lidos. Recomendamos actualizar a la versi\u00f3n 1.14.1 o posterior"}], "id": "CVE-2024-5197", "lastModified": "2024-11-21T09:47:10.363", "metrics": {"cvssMetricV40": [{"cvssData": {"attackComplexity": "HIGH", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "automatable": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityRequirements": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "recovery": "NOT_DEFINED", "safety": "NOT_DEFINED", "subsequentSystemAvailability": "NONE", "subsequentSystemConfidentiality": "LOW", "subsequentSystemIntegrity": "LOW", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:P/VC:L/VI:H/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnerabilityResponseEffort": "NOT_DEFINED", "vulnerableSystemAvailability": "NONE", "vulnerableSystemConfidentiality": "LOW", "vulnerableSystemIntegrity": "HIGH"}, "source": "[email protected]", "type": "Secondary"}]}, "published": "2024-06-03T14:15:09.520", "references": [{"source": "[email protected]", "url": "https://g-issues.chromium.org/issues/332382766"}, {"source": "[email protected]", "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00005.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://g-issues.chromium.org/issues/332382766"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00005.html"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-190"}], "source": "[email protected]", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2024:5941", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "libvpx-0:1.7.0-11.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-08-28T00:00:00Z"}, {"advisory": "RHSA-2024:9827", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "libvpx-0:1.9.0-8.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-11-18T00:00:00Z"}], "bugzilla": {"description": "libvpx: Integer overflow in vpx_img_alloc()", "id": "2291198", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2291198"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.1", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-190", "details": ["There exists interger overflows in libvpx in versions prior to 1.14.1.\u00a0Calling vpx_img_alloc()\u00a0with a large value of the d_w, d_h, or align\u00a0parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned vpx_image_t\u00a0struct may be invalid.\u00a0Calling vpx_img_wrap()\u00a0with a large value of the d_w, d_h, or stride_align\u00a0parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned vpx_image_t\u00a0struct may be invalid. We recommend upgrading to version 1.14.1 or beyond", "A flaw was found in libvpx. When creating images, libvpx trusts the width, height, and alignment of the user input. However, it does not properly validate the provided values. This flaw allows an attacker to craft user inputs or trick the user into opening crafted files, where these types of values are invalid, leading to integer overflows during memory allocation procedures. A successful full attack leads to the targeted application crashing, resulting in a denial of service or memory corruption, which results in data integrity issues."], "name": "CVE-2024-5197", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "libvpx", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "libvpx", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "firefox:flatpak/firefox", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "thunderbird:flatpak/thunderbird", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Will not fix", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Will not fix", "package_name": "firefox:flatpak/firefox", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Will not fix", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-06-04T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-5197\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-5197"], "threat_severity": "Moderate", "upstream_fix": "libvpx 1.14.1"}