QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2024-5197

Back to search

CVE-2024-5197

Published: Jun 3, 2024

Modified: Feb 13, 2025

PUBLISHED

Description

There exists interger overflows in libvpx in versions prior to 1.14.1. Calling vpx_img_alloc() with a large value of the d_w, d_h, or align parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned vpx_image_t struct may be invalid. Calling vpx_img_wrap() with a large value of the d_w, d_h, or stride_align parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned vpx_image_t struct may be invalid. We recommend upgrading to version 1.14.1 or beyond

VendorProductVersions

Chromium

libvpx

affected
0 - < 1.14.1

Weaknesses (CWE)

CWE-190

References

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now