Search criteria

33 vulnerabilities found for aomedia by aomedia

FKIE_CVE-2023-6879

Vulnerability from fkie_nvd - Published: 2023-12-27 23:15 - Updated: 2025-02-13 18:16
Severity ?
9.0 (Critical) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Increasing the resolution of video frames, while performing a multi-threaded encode, can result in a heap overflow in av1_loop_restoration_dealloc().
References
cve-coordination@google.comhttps://aomedia.googlesource.com/aom/+/refs/tags/v3.7.1Patch
cve-coordination@google.comhttps://crbug.com/aomedia/3491Exploit, Issue Tracking, Mailing List, Patch, Third Party Advisory
cve-coordination@google.comhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AYONA2XSNFMXLAW4IHLFI5UVV3QRNG5K/Mailing List, Third Party Advisory
cve-coordination@google.comhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D6C2HN4T2S6GYNTAUXLH45LQZHK7QPHP/Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://aomedia.googlesource.com/aom/+/refs/tags/v3.7.1Patch
af854a3a-2127-422b-91ae-364da2661108https://crbug.com/aomedia/3491Exploit, Issue Tracking, Mailing List, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AYONA2XSNFMXLAW4IHLFI5UVV3QRNG5K/Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D6C2HN4T2S6GYNTAUXLH45LQZHK7QPHP/Mailing List, Third Party Advisory
Impacted products
Vendor Product Version
aomedia aomedia *
fedoraproject fedora 38
fedoraproject fedora 39
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:aomedia:aomedia:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C852A718-716E-4C5F-891D-1E290834F660",
              "versionEndExcluding": "3.7.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Increasing the resolution of video frames, while performing a multi-threaded encode, can result in a heap overflow in av1_loop_restoration_dealloc()."
    },
    {
      "lang": "es",
      "value": "Aumentar la resoluci\u00f3n de los fotogramas de v\u00eddeo, mientras se realiza una codificaci\u00f3n multiproceso, puede provocar un desbordamiento del mont\u00f3n en av1_loop_restoration_dealloc()."
    }
  ],
  "id": "CVE-2023-6879",
  "lastModified": "2025-02-13T18:16:11.250",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.0,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 6.0,
        "source": "cve-coordination@google.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-12-27T23:15:07.530",
  "references": [
    {
      "source": "cve-coordination@google.com",
      "tags": [
        "Patch"
      ],
      "url": "https://aomedia.googlesource.com/aom/+/refs/tags/v3.7.1"
    },
    {
      "source": "cve-coordination@google.com",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://crbug.com/aomedia/3491"
    },
    {
      "source": "cve-coordination@google.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AYONA2XSNFMXLAW4IHLFI5UVV3QRNG5K/"
    },
    {
      "source": "cve-coordination@google.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D6C2HN4T2S6GYNTAUXLH45LQZHK7QPHP/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://aomedia.googlesource.com/aom/+/refs/tags/v3.7.1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://crbug.com/aomedia/3491"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AYONA2XSNFMXLAW4IHLFI5UVV3QRNG5K/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D6C2HN4T2S6GYNTAUXLH45LQZHK7QPHP/"
    }
  ],
  "sourceIdentifier": "cve-coordination@google.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "cve-coordination@google.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2023-39616

Vulnerability from fkie_nvd - Published: 2023-08-29 17:15 - Updated: 2024-11-21 08:15
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
AOMedia v3.0.0 to v3.5.0 was discovered to contain an invalid read memory access via the component assign_frame_buffer_p in av1/common/av1_common_int.h.
References
cve@mitre.orghttps://bugs.chromium.org/p/aomedia/issues/detail?id=3372#c3Issue Tracking, Patch
af854a3a-2127-422b-91ae-364da2661108https://bugs.chromium.org/p/aomedia/issues/detail?id=3372#c3Issue Tracking, Patch
Impacted products
Vendor Product Version
aomedia aomedia *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:aomedia:aomedia:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CAF85870-799A-4A12-B6E7-62A63B77CC6A",
              "versionEndIncluding": "3.5.0",
              "versionStartIncluding": "3.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "AOMedia v3.0.0 to v3.5.0 was discovered to contain an invalid read memory access via the component assign_frame_buffer_p in av1/common/av1_common_int.h."
    },
    {
      "lang": "es",
      "value": "Se ha descubierto que AOMedia v3.0.0 a v3.5.0 contiene un acceso no v\u00e1lido a la memoria de lectura a trav\u00e9s del componente \"assign_frame_buffer_p in av1/common/av1_common_int.h. \"."
    }
  ],
  "id": "CVE-2023-39616",
  "lastModified": "2024-11-21T08:15:42.747",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-08-29T17:15:12.633",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Patch"
      ],
      "url": "https://bugs.chromium.org/p/aomedia/issues/detail?id=3372#c3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch"
      ],
      "url": "https://bugs.chromium.org/p/aomedia/issues/detail?id=3372#c3"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2020-36134

Vulnerability from fkie_nvd - Published: 2021-12-02 22:15 - Updated: 2024-11-21 05:28
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Summary
AOM v2.0.1 was discovered to contain a segmentation violation via the component aom_dsp/x86/obmc_sad_avx2.c.
References
cve@mitre.orghttps://bugs.chromium.org/p/aomedia/issues/detail?id=2914Exploit, Third Party Advisory
cve@mitre.orghttps://security.gentoo.org/glsa/202401-32
af854a3a-2127-422b-91ae-364da2661108https://bugs.chromium.org/p/aomedia/issues/detail?id=2914Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/202401-32
Impacted products
Vendor Product Version
aomedia aomedia 2.0.1
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:aomedia:aomedia:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBD7B35F-8B54-4609-8889-05FD5850675C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "AOM v2.0.1 was discovered to contain a segmentation violation via the component aom_dsp/x86/obmc_sad_avx2.c."
    },
    {
      "lang": "es",
      "value": "Se ha detectado que AOM versi\u00f3n v2.0.1, contiene una violaci\u00f3n de segmentaci\u00f3n por medio del componente aom_dsp/x86/obmc_sad_avx2.c"
    }
  ],
  "id": "CVE-2020-36134",
  "lastModified": "2024-11-21T05:28:47.173",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-12-02T22:15:08.780",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://bugs.chromium.org/p/aomedia/issues/detail?id=2914"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://security.gentoo.org/glsa/202401-32"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://bugs.chromium.org/p/aomedia/issues/detail?id=2914"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.gentoo.org/glsa/202401-32"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-125"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2020-36131

Vulnerability from fkie_nvd - Published: 2021-12-02 22:15 - Updated: 2024-11-21 05:28
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
AOM v2.0.1 was discovered to contain a stack buffer overflow via the component stats/rate_hist.c.
References
cve@mitre.orghttps://bugs.chromium.org/p/aomedia/issues/detail?id=2911&q=&can=1Exploit, Third Party Advisory
cve@mitre.orghttps://lists.debian.org/debian-lts-announce/2023/09/msg00003.html
cve@mitre.orghttps://security.gentoo.org/glsa/202401-32
cve@mitre.orghttps://www.debian.org/security/2023/dsa-5490
af854a3a-2127-422b-91ae-364da2661108https://bugs.chromium.org/p/aomedia/issues/detail?id=2911&q=&can=1Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2023/09/msg00003.html
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/202401-32
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2023/dsa-5490
Impacted products
Vendor Product Version
aomedia aomedia 2.0.1
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:aomedia:aomedia:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBD7B35F-8B54-4609-8889-05FD5850675C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "AOM v2.0.1 was discovered to contain a stack buffer overflow via the component stats/rate_hist.c."
    },
    {
      "lang": "es",
      "value": "Se ha detectado que AOM versi\u00f3n v2.0.1, conten\u00eda un desbordamiento del b\u00fafer de la pila por medio del componente stats/rate_hist.c"
    }
  ],
  "id": "CVE-2020-36131",
  "lastModified": "2024-11-21T05:28:46.827",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-12-02T22:15:08.693",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://bugs.chromium.org/p/aomedia/issues/detail?id=2911\u0026q=\u0026can=1"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00003.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://security.gentoo.org/glsa/202401-32"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.debian.org/security/2023/dsa-5490"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://bugs.chromium.org/p/aomedia/issues/detail?id=2911\u0026q=\u0026can=1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00003.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.gentoo.org/glsa/202401-32"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.debian.org/security/2023/dsa-5490"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2020-36130

Vulnerability from fkie_nvd - Published: 2021-12-02 22:15 - Updated: 2024-11-21 05:28
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Summary
AOM v2.0.1 was discovered to contain a NULL pointer dereference via the component av1/av1_dx_iface.c.
References
cve@mitre.orghttps://bugs.chromium.org/p/aomedia/issues/detail?id=2905&q=&can=1Exploit, Third Party Advisory
cve@mitre.orghttps://lists.debian.org/debian-lts-announce/2023/09/msg00003.html
cve@mitre.orghttps://security.gentoo.org/glsa/202401-32
cve@mitre.orghttps://www.debian.org/security/2023/dsa-5490
af854a3a-2127-422b-91ae-364da2661108https://bugs.chromium.org/p/aomedia/issues/detail?id=2905&q=&can=1Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2023/09/msg00003.html
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/202401-32
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2023/dsa-5490
Impacted products
Vendor Product Version
aomedia aomedia 2.0.1
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:aomedia:aomedia:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBD7B35F-8B54-4609-8889-05FD5850675C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "AOM v2.0.1 was discovered to contain a NULL pointer dereference via the component av1/av1_dx_iface.c."
    },
    {
      "lang": "es",
      "value": "Se ha detectado que AOM versi\u00f3n v2.0.1, contiene una desreferencia de puntero NULL por medio del componente av1/av1_dx_iface.c"
    }
  ],
  "id": "CVE-2020-36130",
  "lastModified": "2024-11-21T05:28:46.643",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-12-02T22:15:08.650",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://bugs.chromium.org/p/aomedia/issues/detail?id=2905\u0026q=\u0026can=1"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00003.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://security.gentoo.org/glsa/202401-32"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.debian.org/security/2023/dsa-5490"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://bugs.chromium.org/p/aomedia/issues/detail?id=2905\u0026q=\u0026can=1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00003.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.gentoo.org/glsa/202401-32"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.debian.org/security/2023/dsa-5490"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-476"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2020-36133

Vulnerability from fkie_nvd - Published: 2021-12-02 22:15 - Updated: 2024-11-21 05:28
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
AOM v2.0.1 was discovered to contain a global buffer overflow via the component av1/encoder/partition_search.h.
References
cve@mitre.orghttps://bugs.chromium.org/p/aomedia/issues/detail?id=2913&q=&can=1Exploit, Third Party Advisory
cve@mitre.orghttps://lists.debian.org/debian-lts-announce/2023/09/msg00003.html
cve@mitre.orghttps://security.gentoo.org/glsa/202401-32
cve@mitre.orghttps://www.debian.org/security/2023/dsa-5490
af854a3a-2127-422b-91ae-364da2661108https://bugs.chromium.org/p/aomedia/issues/detail?id=2913&q=&can=1Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2023/09/msg00003.html
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/202401-32
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2023/dsa-5490
Impacted products
Vendor Product Version
aomedia aomedia 2.0.1
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:aomedia:aomedia:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBD7B35F-8B54-4609-8889-05FD5850675C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "AOM v2.0.1 was discovered to contain a global buffer overflow via the component av1/encoder/partition_search.h."
    },
    {
      "lang": "es",
      "value": "Se ha detectado que AOM versi\u00f3n v2.0.1, contiene un desbordamiento de b\u00fafer global por medio del componente av1/encoder/partition_search.h"
    }
  ],
  "id": "CVE-2020-36133",
  "lastModified": "2024-11-21T05:28:47.000",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-12-02T22:15:08.733",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://bugs.chromium.org/p/aomedia/issues/detail?id=2913\u0026q=\u0026can=1"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00003.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://security.gentoo.org/glsa/202401-32"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.debian.org/security/2023/dsa-5490"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://bugs.chromium.org/p/aomedia/issues/detail?id=2913\u0026q=\u0026can=1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00003.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.gentoo.org/glsa/202401-32"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.debian.org/security/2023/dsa-5490"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-120"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2020-36135

Vulnerability from fkie_nvd - Published: 2021-12-02 22:15 - Updated: 2024-11-21 05:28
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Summary
AOM v2.0.1 was discovered to contain a NULL pointer dereference via the component rate_hist.c.
References
cve@mitre.orghttps://bugs.chromium.org/p/aomedia/issues/detail?id=2910&q=&can=1Exploit, Third Party Advisory
cve@mitre.orghttps://lists.debian.org/debian-lts-announce/2023/09/msg00003.html
cve@mitre.orghttps://security.gentoo.org/glsa/202401-32
cve@mitre.orghttps://www.debian.org/security/2023/dsa-5490
af854a3a-2127-422b-91ae-364da2661108https://bugs.chromium.org/p/aomedia/issues/detail?id=2910&q=&can=1Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2023/09/msg00003.html
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/202401-32
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2023/dsa-5490
Impacted products
Vendor Product Version
aomedia aomedia 2.0.1
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:aomedia:aomedia:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBD7B35F-8B54-4609-8889-05FD5850675C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "AOM v2.0.1 was discovered to contain a NULL pointer dereference via the component rate_hist.c."
    },
    {
      "lang": "es",
      "value": "Se ha detectado que AOM versi\u00f3n v2.0.1, contiene una desreferencia de puntero NULL por medio del componente rate_hist.c"
    }
  ],
  "id": "CVE-2020-36135",
  "lastModified": "2024-11-21T05:28:47.347",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-12-02T22:15:08.833",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://bugs.chromium.org/p/aomedia/issues/detail?id=2910\u0026q=\u0026can=1"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00003.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://security.gentoo.org/glsa/202401-32"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.debian.org/security/2023/dsa-5490"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://bugs.chromium.org/p/aomedia/issues/detail?id=2910\u0026q=\u0026can=1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00003.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.gentoo.org/glsa/202401-32"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.debian.org/security/2023/dsa-5490"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-476"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2020-36129

Vulnerability from fkie_nvd - Published: 2021-12-02 22:15 - Updated: 2024-11-21 05:28
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
AOM v2.0.1 was discovered to contain a stack buffer overflow via the component src/aom_image.c.
References
cve@mitre.orghttps://bugs.chromium.org/p/aomedia/issues/detail?id=2912&q=&can=1Exploit, Third Party Advisory
cve@mitre.orghttps://security.gentoo.org/glsa/202401-32
af854a3a-2127-422b-91ae-364da2661108https://bugs.chromium.org/p/aomedia/issues/detail?id=2912&q=&can=1Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/202401-32
Impacted products
Vendor Product Version
aomedia aomedia 2.0.1
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:aomedia:aomedia:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBD7B35F-8B54-4609-8889-05FD5850675C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "AOM v2.0.1 was discovered to contain a stack buffer overflow via the component src/aom_image.c."
    },
    {
      "lang": "es",
      "value": "Se ha detectado que AOM versi\u00f3n v2.0.1, contiene un desbordamiento del b\u00fafer de la pila por medio del componente src/aom_image.c"
    }
  ],
  "id": "CVE-2020-36129",
  "lastModified": "2024-11-21T05:28:46.467",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-12-02T22:15:08.597",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://bugs.chromium.org/p/aomedia/issues/detail?id=2912\u0026q=\u0026can=1"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://security.gentoo.org/glsa/202401-32"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://bugs.chromium.org/p/aomedia/issues/detail?id=2912\u0026q=\u0026can=1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.gentoo.org/glsa/202401-32"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2021-30475

Vulnerability from fkie_nvd - Published: 2021-06-04 14:15 - Updated: 2024-11-21 06:03
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
aom_dsp/noise_model.c in libaom in AOMedia before 2021-03-24 has a buffer overflow.
References
cve@mitre.orghttps://aomedia.googlesource.com/aom/+/12adc723acf02633595a4d8da8345742729f46c0Patch, Third Party Advisory
cve@mitre.orghttps://bugs.chromium.org/p/aomedia/issues/detail?id=2999Permissions Required, Third Party Advisory
cve@mitre.orghttps://lists.debian.org/debian-lts-announce/2023/09/msg00003.html
cve@mitre.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZXCI33HXH6YSOGC2LPE2REQLMIDH6US4/
cve@mitre.orghttps://security.gentoo.org/glsa/202401-32
cve@mitre.orghttps://www.debian.org/security/2023/dsa-5490
af854a3a-2127-422b-91ae-364da2661108https://aomedia.googlesource.com/aom/+/12adc723acf02633595a4d8da8345742729f46c0Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://bugs.chromium.org/p/aomedia/issues/detail?id=2999Permissions Required, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2023/09/msg00003.html
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZXCI33HXH6YSOGC2LPE2REQLMIDH6US4/
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/202401-32
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2023/dsa-5490
Impacted products
Vendor Product Version
aomedia aomedia *
fedoraproject fedora 34
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:aomedia:aomedia:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7D54849-4C98-4E95-871D-184D4F422510",
              "versionEndExcluding": "2021-03-24",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
              "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "aom_dsp/noise_model.c in libaom in AOMedia before 2021-03-24 has a buffer overflow."
    },
    {
      "lang": "es",
      "value": "El archivo aom_dsp/noise_model.c en libaom en AOMedia versiones anteriores al 24-03-2021, presenta un desbordamiento del b\u00fafer"
    }
  ],
  "id": "CVE-2021-30475",
  "lastModified": "2024-11-21T06:03:59.783",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-06-04T14:15:07.540",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://aomedia.googlesource.com/aom/+/12adc723acf02633595a4d8da8345742729f46c0"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Permissions Required",
        "Third Party Advisory"
      ],
      "url": "https://bugs.chromium.org/p/aomedia/issues/detail?id=2999"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00003.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZXCI33HXH6YSOGC2LPE2REQLMIDH6US4/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://security.gentoo.org/glsa/202401-32"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.debian.org/security/2023/dsa-5490"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://aomedia.googlesource.com/aom/+/12adc723acf02633595a4d8da8345742729f46c0"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Permissions Required",
        "Third Party Advisory"
      ],
      "url": "https://bugs.chromium.org/p/aomedia/issues/detail?id=2999"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00003.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZXCI33HXH6YSOGC2LPE2REQLMIDH6US4/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.gentoo.org/glsa/202401-32"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.debian.org/security/2023/dsa-5490"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-120"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2021-30474

Vulnerability from fkie_nvd - Published: 2021-06-02 17:15 - Updated: 2024-11-21 06:03
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
aom_dsp/grain_table.c in libaom in AOMedia before 2021-03-30 has a use-after-free.
References
cve@mitre.orghttps://aomedia.googlesource.com/aom/+/6e31957b6dc62dbc7d1bb70cd84902dd14c4bf2ePatch, Third Party Advisory
cve@mitre.orghttps://bugs.chromium.org/p/aomedia/issues/detail?id=3000Permissions Required, Third Party Advisory
cve@mitre.orghttps://lists.debian.org/debian-lts-announce/2023/09/msg00003.html
cve@mitre.orghttps://security.gentoo.org/glsa/202401-32
cve@mitre.orghttps://www.debian.org/security/2023/dsa-5490
af854a3a-2127-422b-91ae-364da2661108https://aomedia.googlesource.com/aom/+/6e31957b6dc62dbc7d1bb70cd84902dd14c4bf2ePatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://bugs.chromium.org/p/aomedia/issues/detail?id=3000Permissions Required, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2023/09/msg00003.html
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/202401-32
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2023/dsa-5490
Impacted products
Vendor Product Version
aomedia aomedia *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:aomedia:aomedia:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CCCF0397-23F7-4AA6-AB8A-988133EF3A15",
              "versionEndExcluding": "2021-03-30",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "aom_dsp/grain_table.c in libaom in AOMedia before 2021-03-30 has a use-after-free."
    },
    {
      "lang": "es",
      "value": "El archivo aom_dsp/grain_table.c en la funci\u00f3n libaom en AOMedia hasta el 30-03-2021, presenta un uso de la memoria previamente liberada"
    }
  ],
  "id": "CVE-2021-30474",
  "lastModified": "2024-11-21T06:03:59.627",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-06-02T17:15:08.630",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://aomedia.googlesource.com/aom/+/6e31957b6dc62dbc7d1bb70cd84902dd14c4bf2e"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Permissions Required",
        "Third Party Advisory"
      ],
      "url": "https://bugs.chromium.org/p/aomedia/issues/detail?id=3000"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00003.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://security.gentoo.org/glsa/202401-32"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.debian.org/security/2023/dsa-5490"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://aomedia.googlesource.com/aom/+/6e31957b6dc62dbc7d1bb70cd84902dd14c4bf2e"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Permissions Required",
        "Third Party Advisory"
      ],
      "url": "https://bugs.chromium.org/p/aomedia/issues/detail?id=3000"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00003.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.gentoo.org/glsa/202401-32"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.debian.org/security/2023/dsa-5490"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-416"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2023-6879 (GCVE-0-2023-6879)

Vulnerability from cvelistv5 – Published: 2023-12-27 22:16 – Updated: 2025-02-13 17:26
VLAI?
Title
heap buffer overflow in libaom
Summary
Increasing the resolution of video frames, while performing a multi-threaded encode, can result in a heap overflow in av1_loop_restoration_dealloc().
Severity ?
9 (Critical)
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
CWE
  • CWE-20 - Improper Input Validation
Assigner
References
Impacted products
Vendor Product Version
libaom libaom Affected: 0 , < 3.7.1 (custom)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T08:42:08.213Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://crbug.com/aomedia/3491"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://aomedia.googlesource.com/aom/+/refs/tags/v3.7.1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D6C2HN4T2S6GYNTAUXLH45LQZHK7QPHP/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AYONA2XSNFMXLAW4IHLFI5UVV3QRNG5K/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "libaom",
          "repo": "https://aomedia.googlesource.com/aom/",
          "vendor": "libaom",
          "versions": [
            {
              "lessThan": "3.7.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2023-12-16T03:41:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eIncreasing the resolution of video frames, while performing a multi-threaded encode, can result in a heap overflow in av1_loop_restoration_dealloc().\u003c/p\u003e"
            }
          ],
          "value": "Increasing the resolution of video frames, while performing a multi-threaded encode, can result in a heap overflow in av1_loop_restoration_dealloc()."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20 Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-07T02:06:25.187Z",
        "orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
        "shortName": "Google"
      },
      "references": [
        {
          "url": "https://crbug.com/aomedia/3491"
        },
        {
          "url": "https://aomedia.googlesource.com/aom/+/refs/tags/v3.7.1"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D6C2HN4T2S6GYNTAUXLH45LQZHK7QPHP/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AYONA2XSNFMXLAW4IHLFI5UVV3QRNG5K/"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "heap buffer overflow in libaom",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
    "assignerShortName": "Google",
    "cveId": "CVE-2023-6879",
    "datePublished": "2023-12-27T22:16:41.709Z",
    "dateReserved": "2023-12-15T21:26:46.180Z",
    "dateUpdated": "2025-02-13T17:26:59.114Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-39616 (GCVE-0-2023-39616)

Vulnerability from cvelistv5 – Published: 2023-08-29 00:00 – Updated: 2024-10-02 13:25
VLAI?
Summary
AOMedia v3.0.0 to v3.5.0 was discovered to contain an invalid read memory access via the component assign_frame_buffer_p in av1/common/av1_common_int.h.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T18:18:08.589Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugs.chromium.org/p/aomedia/issues/detail?id=3372#c3"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-39616",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-02T13:24:51.306687Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-02T13:25:00.253Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "AOMedia v3.0.0 to v3.5.0 was discovered to contain an invalid read memory access via the component assign_frame_buffer_p in av1/common/av1_common_int.h."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-08-29T16:18:15.093799",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://bugs.chromium.org/p/aomedia/issues/detail?id=3372#c3"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2023-39616",
    "datePublished": "2023-08-29T00:00:00",
    "dateReserved": "2023-08-07T00:00:00",
    "dateUpdated": "2024-10-02T13:25:00.253Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-36131 (GCVE-0-2020-36131)

Vulnerability from cvelistv5 – Published: 2021-12-02 00:00 – Updated: 2024-08-04 17:16
VLAI?
Summary
AOM v2.0.1 was discovered to contain a stack buffer overflow via the component stats/rate_hist.c.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T17:16:14.122Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugs.chromium.org/p/aomedia/issues/detail?id=2911\u0026q=\u0026can=1"
          },
          {
            "name": "[debian-lts-announce] 20230905 [SECURITY] [DLA 3556-1] aom security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00003.html"
          },
          {
            "name": "DSA-5490",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2023/dsa-5490"
          },
          {
            "name": "GLSA-202401-32",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202401-32"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "AOM v2.0.1 was discovered to contain a stack buffer overflow via the component stats/rate_hist.c."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-31T15:06:54.801909",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://bugs.chromium.org/p/aomedia/issues/detail?id=2911\u0026q=\u0026can=1"
        },
        {
          "name": "[debian-lts-announce] 20230905 [SECURITY] [DLA 3556-1] aom security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00003.html"
        },
        {
          "name": "DSA-5490",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2023/dsa-5490"
        },
        {
          "name": "GLSA-202401-32",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202401-32"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-36131",
    "datePublished": "2021-12-02T00:00:00",
    "dateReserved": "2021-01-04T00:00:00",
    "dateUpdated": "2024-08-04T17:16:14.122Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-36129 (GCVE-0-2020-36129)

Vulnerability from cvelistv5 – Published: 2021-12-02 00:00 – Updated: 2024-08-04 17:16
VLAI?
Summary
AOM v2.0.1 was discovered to contain a stack buffer overflow via the component src/aom_image.c.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T17:16:14.010Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugs.chromium.org/p/aomedia/issues/detail?id=2912\u0026q=\u0026can=1"
          },
          {
            "name": "GLSA-202401-32",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202401-32"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "AOM v2.0.1 was discovered to contain a stack buffer overflow via the component src/aom_image.c."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-31T15:06:47.987667",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://bugs.chromium.org/p/aomedia/issues/detail?id=2912\u0026q=\u0026can=1"
        },
        {
          "name": "GLSA-202401-32",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202401-32"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-36129",
    "datePublished": "2021-12-02T00:00:00",
    "dateReserved": "2021-01-04T00:00:00",
    "dateUpdated": "2024-08-04T17:16:14.010Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-36130 (GCVE-0-2020-36130)

Vulnerability from cvelistv5 – Published: 2021-12-02 00:00 – Updated: 2024-08-04 17:16
VLAI?
Summary
AOM v2.0.1 was discovered to contain a NULL pointer dereference via the component av1/av1_dx_iface.c.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T17:16:14.012Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugs.chromium.org/p/aomedia/issues/detail?id=2905\u0026q=\u0026can=1"
          },
          {
            "name": "[debian-lts-announce] 20230905 [SECURITY] [DLA 3556-1] aom security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00003.html"
          },
          {
            "name": "DSA-5490",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2023/dsa-5490"
          },
          {
            "name": "GLSA-202401-32",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202401-32"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "AOM v2.0.1 was discovered to contain a NULL pointer dereference via the component av1/av1_dx_iface.c."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-31T15:06:56.517186",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://bugs.chromium.org/p/aomedia/issues/detail?id=2905\u0026q=\u0026can=1"
        },
        {
          "name": "[debian-lts-announce] 20230905 [SECURITY] [DLA 3556-1] aom security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00003.html"
        },
        {
          "name": "DSA-5490",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2023/dsa-5490"
        },
        {
          "name": "GLSA-202401-32",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202401-32"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-36130",
    "datePublished": "2021-12-02T00:00:00",
    "dateReserved": "2021-01-04T00:00:00",
    "dateUpdated": "2024-08-04T17:16:14.012Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-36135 (GCVE-0-2020-36135)

Vulnerability from cvelistv5 – Published: 2021-12-02 00:00 – Updated: 2024-08-04 17:16
VLAI?
Summary
AOM v2.0.1 was discovered to contain a NULL pointer dereference via the component rate_hist.c.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T17:16:14.036Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugs.chromium.org/p/aomedia/issues/detail?id=2910\u0026q=\u0026can=1"
          },
          {
            "name": "[debian-lts-announce] 20230905 [SECURITY] [DLA 3556-1] aom security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00003.html"
          },
          {
            "name": "DSA-5490",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2023/dsa-5490"
          },
          {
            "name": "GLSA-202401-32",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202401-32"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "AOM v2.0.1 was discovered to contain a NULL pointer dereference via the component rate_hist.c."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-31T15:06:46.367316",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://bugs.chromium.org/p/aomedia/issues/detail?id=2910\u0026q=\u0026can=1"
        },
        {
          "name": "[debian-lts-announce] 20230905 [SECURITY] [DLA 3556-1] aom security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00003.html"
        },
        {
          "name": "DSA-5490",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2023/dsa-5490"
        },
        {
          "name": "GLSA-202401-32",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202401-32"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-36135",
    "datePublished": "2021-12-02T00:00:00",
    "dateReserved": "2021-01-04T00:00:00",
    "dateUpdated": "2024-08-04T17:16:14.036Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-36133 (GCVE-0-2020-36133)

Vulnerability from cvelistv5 – Published: 2021-12-02 00:00 – Updated: 2024-08-04 17:16
VLAI?
Summary
AOM v2.0.1 was discovered to contain a global buffer overflow via the component av1/encoder/partition_search.h.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T17:16:14.082Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugs.chromium.org/p/aomedia/issues/detail?id=2913\u0026q=\u0026can=1"
          },
          {
            "name": "[debian-lts-announce] 20230905 [SECURITY] [DLA 3556-1] aom security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00003.html"
          },
          {
            "name": "DSA-5490",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2023/dsa-5490"
          },
          {
            "name": "GLSA-202401-32",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202401-32"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "AOM v2.0.1 was discovered to contain a global buffer overflow via the component av1/encoder/partition_search.h."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-31T15:06:49.644521",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://bugs.chromium.org/p/aomedia/issues/detail?id=2913\u0026q=\u0026can=1"
        },
        {
          "name": "[debian-lts-announce] 20230905 [SECURITY] [DLA 3556-1] aom security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00003.html"
        },
        {
          "name": "DSA-5490",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2023/dsa-5490"
        },
        {
          "name": "GLSA-202401-32",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202401-32"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-36133",
    "datePublished": "2021-12-02T00:00:00",
    "dateReserved": "2021-01-04T00:00:00",
    "dateUpdated": "2024-08-04T17:16:14.082Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-36134 (GCVE-0-2020-36134)

Vulnerability from cvelistv5 – Published: 2021-12-02 00:00 – Updated: 2024-08-04 17:16
VLAI?
Summary
AOM v2.0.1 was discovered to contain a segmentation violation via the component aom_dsp/x86/obmc_sad_avx2.c.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T17:16:14.114Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugs.chromium.org/p/aomedia/issues/detail?id=2914"
          },
          {
            "name": "GLSA-202401-32",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202401-32"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "AOM v2.0.1 was discovered to contain a segmentation violation via the component aom_dsp/x86/obmc_sad_avx2.c."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-31T15:06:42.984997",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://bugs.chromium.org/p/aomedia/issues/detail?id=2914"
        },
        {
          "name": "GLSA-202401-32",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202401-32"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-36134",
    "datePublished": "2021-12-02T00:00:00",
    "dateReserved": "2021-01-04T00:00:00",
    "dateUpdated": "2024-08-04T17:16:14.114Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-30475 (GCVE-0-2021-30475)

Vulnerability from cvelistv5 – Published: 2021-06-04 00:00 – Updated: 2024-08-03 22:32
VLAI?
Summary
aom_dsp/noise_model.c in libaom in AOMedia before 2021-03-24 has a buffer overflow.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T22:32:41.126Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugs.chromium.org/p/aomedia/issues/detail?id=2999"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://aomedia.googlesource.com/aom/+/12adc723acf02633595a4d8da8345742729f46c0"
          },
          {
            "name": "FEDORA-2021-1c3f7963a5",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZXCI33HXH6YSOGC2LPE2REQLMIDH6US4/"
          },
          {
            "name": "[debian-lts-announce] 20230905 [SECURITY] [DLA 3556-1] aom security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00003.html"
          },
          {
            "name": "DSA-5490",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2023/dsa-5490"
          },
          {
            "name": "GLSA-202401-32",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202401-32"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "aom_dsp/noise_model.c in libaom in AOMedia before 2021-03-24 has a buffer overflow."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-31T15:06:53.082870",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://bugs.chromium.org/p/aomedia/issues/detail?id=2999"
        },
        {
          "url": "https://aomedia.googlesource.com/aom/+/12adc723acf02633595a4d8da8345742729f46c0"
        },
        {
          "name": "FEDORA-2021-1c3f7963a5",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZXCI33HXH6YSOGC2LPE2REQLMIDH6US4/"
        },
        {
          "name": "[debian-lts-announce] 20230905 [SECURITY] [DLA 3556-1] aom security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00003.html"
        },
        {
          "name": "DSA-5490",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2023/dsa-5490"
        },
        {
          "name": "GLSA-202401-32",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202401-32"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2021-30475",
    "datePublished": "2021-06-04T00:00:00",
    "dateReserved": "2021-04-08T00:00:00",
    "dateUpdated": "2024-08-03T22:32:41.126Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-30474 (GCVE-0-2021-30474)

Vulnerability from cvelistv5 – Published: 2021-06-02 00:00 – Updated: 2024-08-03 22:32
VLAI?
Summary
aom_dsp/grain_table.c in libaom in AOMedia before 2021-03-30 has a use-after-free.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T22:32:41.054Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugs.chromium.org/p/aomedia/issues/detail?id=3000"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://aomedia.googlesource.com/aom/+/6e31957b6dc62dbc7d1bb70cd84902dd14c4bf2e"
          },
          {
            "name": "[debian-lts-announce] 20230905 [SECURITY] [DLA 3556-1] aom security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00003.html"
          },
          {
            "name": "DSA-5490",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2023/dsa-5490"
          },
          {
            "name": "GLSA-202401-32",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202401-32"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "aom_dsp/grain_table.c in libaom in AOMedia before 2021-03-30 has a use-after-free."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-31T15:06:44.678397",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://bugs.chromium.org/p/aomedia/issues/detail?id=3000"
        },
        {
          "url": "https://aomedia.googlesource.com/aom/+/6e31957b6dc62dbc7d1bb70cd84902dd14c4bf2e"
        },
        {
          "name": "[debian-lts-announce] 20230905 [SECURITY] [DLA 3556-1] aom security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00003.html"
        },
        {
          "name": "DSA-5490",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2023/dsa-5490"
        },
        {
          "name": "GLSA-202401-32",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202401-32"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2021-30474",
    "datePublished": "2021-06-02T00:00:00",
    "dateReserved": "2021-04-08T00:00:00",
    "dateUpdated": "2024-08-03T22:32:41.054Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-6879 (GCVE-0-2023-6879)

Vulnerability from nvd – Published: 2023-12-27 22:16 – Updated: 2025-02-13 17:26
VLAI?
Title
heap buffer overflow in libaom
Summary
Increasing the resolution of video frames, while performing a multi-threaded encode, can result in a heap overflow in av1_loop_restoration_dealloc().
Severity ?
9 (Critical)
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
CWE
  • CWE-20 - Improper Input Validation
Assigner
References
Impacted products
Vendor Product Version
libaom libaom Affected: 0 , < 3.7.1 (custom)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T08:42:08.213Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://crbug.com/aomedia/3491"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://aomedia.googlesource.com/aom/+/refs/tags/v3.7.1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D6C2HN4T2S6GYNTAUXLH45LQZHK7QPHP/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AYONA2XSNFMXLAW4IHLFI5UVV3QRNG5K/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "libaom",
          "repo": "https://aomedia.googlesource.com/aom/",
          "vendor": "libaom",
          "versions": [
            {
              "lessThan": "3.7.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2023-12-16T03:41:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eIncreasing the resolution of video frames, while performing a multi-threaded encode, can result in a heap overflow in av1_loop_restoration_dealloc().\u003c/p\u003e"
            }
          ],
          "value": "Increasing the resolution of video frames, while performing a multi-threaded encode, can result in a heap overflow in av1_loop_restoration_dealloc()."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20 Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-07T02:06:25.187Z",
        "orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
        "shortName": "Google"
      },
      "references": [
        {
          "url": "https://crbug.com/aomedia/3491"
        },
        {
          "url": "https://aomedia.googlesource.com/aom/+/refs/tags/v3.7.1"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D6C2HN4T2S6GYNTAUXLH45LQZHK7QPHP/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AYONA2XSNFMXLAW4IHLFI5UVV3QRNG5K/"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "heap buffer overflow in libaom",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
    "assignerShortName": "Google",
    "cveId": "CVE-2023-6879",
    "datePublished": "2023-12-27T22:16:41.709Z",
    "dateReserved": "2023-12-15T21:26:46.180Z",
    "dateUpdated": "2025-02-13T17:26:59.114Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-39616 (GCVE-0-2023-39616)

Vulnerability from nvd – Published: 2023-08-29 00:00 – Updated: 2024-10-02 13:25
VLAI?
Summary
AOMedia v3.0.0 to v3.5.0 was discovered to contain an invalid read memory access via the component assign_frame_buffer_p in av1/common/av1_common_int.h.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T18:18:08.589Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugs.chromium.org/p/aomedia/issues/detail?id=3372#c3"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-39616",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-02T13:24:51.306687Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-02T13:25:00.253Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "AOMedia v3.0.0 to v3.5.0 was discovered to contain an invalid read memory access via the component assign_frame_buffer_p in av1/common/av1_common_int.h."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-08-29T16:18:15.093799",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://bugs.chromium.org/p/aomedia/issues/detail?id=3372#c3"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2023-39616",
    "datePublished": "2023-08-29T00:00:00",
    "dateReserved": "2023-08-07T00:00:00",
    "dateUpdated": "2024-10-02T13:25:00.253Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-36131 (GCVE-0-2020-36131)

Vulnerability from nvd – Published: 2021-12-02 00:00 – Updated: 2024-08-04 17:16
VLAI?
Summary
AOM v2.0.1 was discovered to contain a stack buffer overflow via the component stats/rate_hist.c.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T17:16:14.122Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugs.chromium.org/p/aomedia/issues/detail?id=2911\u0026q=\u0026can=1"
          },
          {
            "name": "[debian-lts-announce] 20230905 [SECURITY] [DLA 3556-1] aom security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00003.html"
          },
          {
            "name": "DSA-5490",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2023/dsa-5490"
          },
          {
            "name": "GLSA-202401-32",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202401-32"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "AOM v2.0.1 was discovered to contain a stack buffer overflow via the component stats/rate_hist.c."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-31T15:06:54.801909",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://bugs.chromium.org/p/aomedia/issues/detail?id=2911\u0026q=\u0026can=1"
        },
        {
          "name": "[debian-lts-announce] 20230905 [SECURITY] [DLA 3556-1] aom security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00003.html"
        },
        {
          "name": "DSA-5490",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2023/dsa-5490"
        },
        {
          "name": "GLSA-202401-32",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202401-32"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-36131",
    "datePublished": "2021-12-02T00:00:00",
    "dateReserved": "2021-01-04T00:00:00",
    "dateUpdated": "2024-08-04T17:16:14.122Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-36129 (GCVE-0-2020-36129)

Vulnerability from nvd – Published: 2021-12-02 00:00 – Updated: 2024-08-04 17:16
VLAI?
Summary
AOM v2.0.1 was discovered to contain a stack buffer overflow via the component src/aom_image.c.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T17:16:14.010Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugs.chromium.org/p/aomedia/issues/detail?id=2912\u0026q=\u0026can=1"
          },
          {
            "name": "GLSA-202401-32",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202401-32"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "AOM v2.0.1 was discovered to contain a stack buffer overflow via the component src/aom_image.c."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-31T15:06:47.987667",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://bugs.chromium.org/p/aomedia/issues/detail?id=2912\u0026q=\u0026can=1"
        },
        {
          "name": "GLSA-202401-32",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202401-32"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-36129",
    "datePublished": "2021-12-02T00:00:00",
    "dateReserved": "2021-01-04T00:00:00",
    "dateUpdated": "2024-08-04T17:16:14.010Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-36130 (GCVE-0-2020-36130)

Vulnerability from nvd – Published: 2021-12-02 00:00 – Updated: 2024-08-04 17:16
VLAI?
Summary
AOM v2.0.1 was discovered to contain a NULL pointer dereference via the component av1/av1_dx_iface.c.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T17:16:14.012Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugs.chromium.org/p/aomedia/issues/detail?id=2905\u0026q=\u0026can=1"
          },
          {
            "name": "[debian-lts-announce] 20230905 [SECURITY] [DLA 3556-1] aom security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00003.html"
          },
          {
            "name": "DSA-5490",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2023/dsa-5490"
          },
          {
            "name": "GLSA-202401-32",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202401-32"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "AOM v2.0.1 was discovered to contain a NULL pointer dereference via the component av1/av1_dx_iface.c."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-31T15:06:56.517186",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://bugs.chromium.org/p/aomedia/issues/detail?id=2905\u0026q=\u0026can=1"
        },
        {
          "name": "[debian-lts-announce] 20230905 [SECURITY] [DLA 3556-1] aom security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00003.html"
        },
        {
          "name": "DSA-5490",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2023/dsa-5490"
        },
        {
          "name": "GLSA-202401-32",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202401-32"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-36130",
    "datePublished": "2021-12-02T00:00:00",
    "dateReserved": "2021-01-04T00:00:00",
    "dateUpdated": "2024-08-04T17:16:14.012Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-36135 (GCVE-0-2020-36135)

Vulnerability from nvd – Published: 2021-12-02 00:00 – Updated: 2024-08-04 17:16
VLAI?
Summary
AOM v2.0.1 was discovered to contain a NULL pointer dereference via the component rate_hist.c.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T17:16:14.036Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugs.chromium.org/p/aomedia/issues/detail?id=2910\u0026q=\u0026can=1"
          },
          {
            "name": "[debian-lts-announce] 20230905 [SECURITY] [DLA 3556-1] aom security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00003.html"
          },
          {
            "name": "DSA-5490",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2023/dsa-5490"
          },
          {
            "name": "GLSA-202401-32",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202401-32"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "AOM v2.0.1 was discovered to contain a NULL pointer dereference via the component rate_hist.c."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-31T15:06:46.367316",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://bugs.chromium.org/p/aomedia/issues/detail?id=2910\u0026q=\u0026can=1"
        },
        {
          "name": "[debian-lts-announce] 20230905 [SECURITY] [DLA 3556-1] aom security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00003.html"
        },
        {
          "name": "DSA-5490",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2023/dsa-5490"
        },
        {
          "name": "GLSA-202401-32",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202401-32"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-36135",
    "datePublished": "2021-12-02T00:00:00",
    "dateReserved": "2021-01-04T00:00:00",
    "dateUpdated": "2024-08-04T17:16:14.036Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-36133 (GCVE-0-2020-36133)

Vulnerability from nvd – Published: 2021-12-02 00:00 – Updated: 2024-08-04 17:16
VLAI?
Summary
AOM v2.0.1 was discovered to contain a global buffer overflow via the component av1/encoder/partition_search.h.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T17:16:14.082Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugs.chromium.org/p/aomedia/issues/detail?id=2913\u0026q=\u0026can=1"
          },
          {
            "name": "[debian-lts-announce] 20230905 [SECURITY] [DLA 3556-1] aom security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00003.html"
          },
          {
            "name": "DSA-5490",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2023/dsa-5490"
          },
          {
            "name": "GLSA-202401-32",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202401-32"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "AOM v2.0.1 was discovered to contain a global buffer overflow via the component av1/encoder/partition_search.h."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-31T15:06:49.644521",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://bugs.chromium.org/p/aomedia/issues/detail?id=2913\u0026q=\u0026can=1"
        },
        {
          "name": "[debian-lts-announce] 20230905 [SECURITY] [DLA 3556-1] aom security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00003.html"
        },
        {
          "name": "DSA-5490",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2023/dsa-5490"
        },
        {
          "name": "GLSA-202401-32",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202401-32"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-36133",
    "datePublished": "2021-12-02T00:00:00",
    "dateReserved": "2021-01-04T00:00:00",
    "dateUpdated": "2024-08-04T17:16:14.082Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-36134 (GCVE-0-2020-36134)

Vulnerability from nvd – Published: 2021-12-02 00:00 – Updated: 2024-08-04 17:16
VLAI?
Summary
AOM v2.0.1 was discovered to contain a segmentation violation via the component aom_dsp/x86/obmc_sad_avx2.c.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T17:16:14.114Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugs.chromium.org/p/aomedia/issues/detail?id=2914"
          },
          {
            "name": "GLSA-202401-32",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202401-32"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "AOM v2.0.1 was discovered to contain a segmentation violation via the component aom_dsp/x86/obmc_sad_avx2.c."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-31T15:06:42.984997",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://bugs.chromium.org/p/aomedia/issues/detail?id=2914"
        },
        {
          "name": "GLSA-202401-32",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202401-32"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-36134",
    "datePublished": "2021-12-02T00:00:00",
    "dateReserved": "2021-01-04T00:00:00",
    "dateUpdated": "2024-08-04T17:16:14.114Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-30475 (GCVE-0-2021-30475)

Vulnerability from nvd – Published: 2021-06-04 00:00 – Updated: 2024-08-03 22:32
VLAI?
Summary
aom_dsp/noise_model.c in libaom in AOMedia before 2021-03-24 has a buffer overflow.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T22:32:41.126Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugs.chromium.org/p/aomedia/issues/detail?id=2999"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://aomedia.googlesource.com/aom/+/12adc723acf02633595a4d8da8345742729f46c0"
          },
          {
            "name": "FEDORA-2021-1c3f7963a5",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZXCI33HXH6YSOGC2LPE2REQLMIDH6US4/"
          },
          {
            "name": "[debian-lts-announce] 20230905 [SECURITY] [DLA 3556-1] aom security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00003.html"
          },
          {
            "name": "DSA-5490",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2023/dsa-5490"
          },
          {
            "name": "GLSA-202401-32",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202401-32"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "aom_dsp/noise_model.c in libaom in AOMedia before 2021-03-24 has a buffer overflow."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-31T15:06:53.082870",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://bugs.chromium.org/p/aomedia/issues/detail?id=2999"
        },
        {
          "url": "https://aomedia.googlesource.com/aom/+/12adc723acf02633595a4d8da8345742729f46c0"
        },
        {
          "name": "FEDORA-2021-1c3f7963a5",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZXCI33HXH6YSOGC2LPE2REQLMIDH6US4/"
        },
        {
          "name": "[debian-lts-announce] 20230905 [SECURITY] [DLA 3556-1] aom security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00003.html"
        },
        {
          "name": "DSA-5490",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2023/dsa-5490"
        },
        {
          "name": "GLSA-202401-32",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202401-32"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2021-30475",
    "datePublished": "2021-06-04T00:00:00",
    "dateReserved": "2021-04-08T00:00:00",
    "dateUpdated": "2024-08-03T22:32:41.126Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-30474 (GCVE-0-2021-30474)

Vulnerability from nvd – Published: 2021-06-02 00:00 – Updated: 2024-08-03 22:32
VLAI?
Summary
aom_dsp/grain_table.c in libaom in AOMedia before 2021-03-30 has a use-after-free.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T22:32:41.054Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugs.chromium.org/p/aomedia/issues/detail?id=3000"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://aomedia.googlesource.com/aom/+/6e31957b6dc62dbc7d1bb70cd84902dd14c4bf2e"
          },
          {
            "name": "[debian-lts-announce] 20230905 [SECURITY] [DLA 3556-1] aom security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00003.html"
          },
          {
            "name": "DSA-5490",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2023/dsa-5490"
          },
          {
            "name": "GLSA-202401-32",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202401-32"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "aom_dsp/grain_table.c in libaom in AOMedia before 2021-03-30 has a use-after-free."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-31T15:06:44.678397",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://bugs.chromium.org/p/aomedia/issues/detail?id=3000"
        },
        {
          "url": "https://aomedia.googlesource.com/aom/+/6e31957b6dc62dbc7d1bb70cd84902dd14c4bf2e"
        },
        {
          "name": "[debian-lts-announce] 20230905 [SECURITY] [DLA 3556-1] aom security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00003.html"
        },
        {
          "name": "DSA-5490",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2023/dsa-5490"
        },
        {
          "name": "GLSA-202401-32",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202401-32"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2021-30474",
    "datePublished": "2021-06-02T00:00:00",
    "dateReserved": "2021-04-08T00:00:00",
    "dateUpdated": "2024-08-03T22:32:41.054Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}