vuln-list-alt/oval/c10f1/ALT-PU-2024-11403/definitions.json
2024-12-12 21:07:30 +00:00



{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:202411403",
"Version": "oval:org.altlinux.errata:def:202411403",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-11403: package `libaom` update to version 3.9.1-alt2",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c10f1"
],
"Products": [
"ALT SP Workstation",
"ALT SP Server"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-11403",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-11403",
"Source": "ALTPU"
},
{
"RefID": "BDU:2024-04523",
"RefURL": "https://bdu.fstec.ru/vul/2024-04523",
"Source": "BDU"
},
{
"RefID": "CVE-2024-5171",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-5171",
"Source": "CVE"
}
],
"Description": "This update upgrades libaom to version 3.9.1-alt2. \nSecurity Fix(es):\n\n * BDU:2024-04523: Уязвимость функции img_alloc_helper() библиотеки кодирования видео libaom, позволяющая нарушителю выполнить произвольный код\n\n * CVE-2024-5171: Integer overflow in libaom internal function img_alloc_helper can lead to heap buffer overflow. This function can be reached via 3 callers:\n\n\n * Calling aom_img_alloc() with a large value of the d_w, d_h, or align parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned aom_image_t struct may be invalid.\n * Calling aom_img_wrap() with a large value of the d_w, d_h, or align parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned aom_image_t struct may be invalid.\n * Calling aom_img_alloc_with_border() with a large value of the d_w, d_h, align, size_align, or border parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned aom_image_t struct may be invalid.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Critical",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-08-21"
},
"Updated": {
"Date": "2024-08-21"
},
"BDUs": [
{
"ID": "BDU:2024-04523",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-122, CWE-190",
"Href": "https://bdu.fstec.ru/vul/2024-04523",
"Impact": "High",
"Public": "20240605"
}
],
"CVEs": [
{
"ID": "CVE-2024-5171",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-190",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-5171",
"Impact": "Critical",
"Public": "20240605"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:10",
"cpe:/o:alt:spserver:10"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:5001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:202411403001",
"Comment": "libaom-devel is earlier than 0:3.9.1-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202411403002",
"Comment": "libaom-docs is earlier than 0:3.9.1-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202411403003",
"Comment": "libaom-tools is earlier than 0:3.9.1-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202411403004",
"Comment": "libaom3 is earlier than 0:3.9.1-alt2"
}
]
}
]
}
}
]
}