CVE-2024-5197

Severity: Medium (CVSS 4.0 base score 5.9) · EPSS 52.4%
Published Jun 3, 2024 · Last Modified Jun 17, 2026

Description

There exist integer overflows in libvpx in versions prior to 1.14.1. Calling vpx_img_alloc() with a large value of the d_w, d_h, or align parameter may result in integer overflows in the calculations of buffer sizes and offsets, and some fields of the returned vpx_image_t struct may be invalid. Calling vpx_img_wrap() with a large value of the d_w, d_h, or stride_align parameter may likewise result in integer overflows in the calculations of buffer sizes and offsets, and some fields of the returned vpx_image_t struct may be invalid. We recommend upgrading to version 1.14.1 or beyond.
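To make the failure mode concrete, the following added example (illustrative C written for this entry, not libvpx's code) models the width/height/alignment size computation that the description refers to: an unchecked version that wraps in 32-bit arithmetic beside a hardened version that rejects any input whose intermediate product would overflow. The function names, the simplified stride formula and the sample dimensions are assumptions for the illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical model of an image-plane allocation: one plane occupies
 * stride * height bytes, where stride is the row size rounded up to a
 * power-of-two alignment. This mirrors the d_w / d_h / align shape of the
 * vpx_img_alloc() interface but is NOT the library's actual arithmetic. */

/* Unchecked computation in 32-bit unsigned arithmetic: large d_w, d_h or
 * align values wrap silently, yielding a buffer far smaller than the
 * dimensions stored alongside it (the CWE-190 pattern of this CVE). */
unsigned int plane_size_unchecked(unsigned int d_w, unsigned int d_h,
                                  unsigned int bytes_per_pixel,
                                  unsigned int align)
{
    unsigned int stride = (d_w * bytes_per_pixel + align - 1) & ~(align - 1);
    return stride * d_h;
}

/* Hardened computation: validate align and check every multiply and add
 * against SIZE_MAX before performing it; fail closed instead of wrapping. */
bool plane_size_checked(unsigned int d_w, unsigned int d_h,
                        unsigned int bytes_per_pixel, unsigned int align,
                        size_t *out)
{
    size_t row, stride;
    if (align == 0 || (align & (align - 1)) != 0)
        return false;                   /* align must be a power of two */
    if (d_w != 0 && bytes_per_pixel > SIZE_MAX / d_w)
        return false;                   /* d_w * bytes_per_pixel overflows */
    row = (size_t)d_w * bytes_per_pixel;
    if (row > SIZE_MAX - (align - 1))
        return false;                   /* rounding up would overflow */
    stride = (row + align - 1) & ~((size_t)align - 1);
    if (stride != 0 && d_h > SIZE_MAX / stride)
        return false;                   /* stride * d_h overflows */
    *out = stride * d_h;
    return true;
}

int main(void)
{
    size_t sz = 0;                      /* constructed sample dimensions */
    printf("unchecked 65536x65536x4: %u bytes\n",
           plane_size_unchecked(65536u, 65536u, 4u, 32u));
    printf("checked   65536x65536x4: %s (%zu bytes)\n",
           plane_size_checked(65536u, 65536u, 4u, 32u, &sz) ? "ok" : "rejected", sz);
    return 0;
}
```

The unchecked call reports 0 bytes for a 16 GiB plane, which is exactly the kind of invalid size an allocator would then hand back; the checked call either returns the true size or refuses.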

CVSS Details

Base Score
5.9
Exploitability
Impact
Vector string
CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:P/VC:L/VI:H/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector Network
Attack Complexity High
Privileges Required Low
User Interaction Passive (P)
Scope X

Threat Intelligence

EPSS Exploit Probability
52.4% percentile
Exploit & Patch Status
Public Exploit Known
No Patch Available

Weaknesses 1

CWE-190 Integer Overflow or Wraparound Numeric Error

Affected Products 2

Vendor        Product        Version   Range
webmproject   libvpx         *         <1.14.1
debian        debian_linux   10.0      any

References 2

  • g-issues.chromium.org https://g-issues.chromium.org/issues/332382766
    Exploit, Issue Tracking
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2024/06/msg00005.html
    Mailing List, Third Party Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.