CVE-2024-5171 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2024-5171 Interim 1 13 2025-12-23T01:49:37Z current 2024-06-06T23:13:33Z 2025-12-23T01:49:37Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2024-5171 Integer overflow in libaom internal function img_alloc_helper can lead to heap buffer overflow. This function can be reached via 3 callers: * Calling aom_img_alloc() with a large value of the d_w, d_h, or align parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned aom_image_t struct may be invalid. * Calling aom_img_wrap() with a large value of the d_w, d_h, or align parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned aom_image_t struct may be invalid. * Calling aom_img_alloc_with_border() with a large value of the d_w, d_h, align, size_align, or border parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned aom_image_t struct may be invalid. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.suse.com/pipermail/sle-updates/2024-June/035591.html E-Mail link for SUSE-SU-2024:2030-1 https://lists.suse.com/pipermail/sle-security-updates/2024-August/019250.html E-Mail link for SUSE-SU-2024:2052-1 https://lists.suse.com/pipermail/sle-updates/2024-June/035622.html E-Mail link for SUSE-SU-2024:2056-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings Container containers/open-webui:0.6.41-13.9 SUSE Enterprise Storage 7.1 SUSE Linux Enterprise Module for Basesystem 15 SP5 SUSE Linux Enterprise Module for Desktop Applications 15 SP6 SUSE Linux Enterprise Module for Desktop Applications 15 SP7 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS SUSE Linux Enterprise Module for Basesystem 15 SP5 SUSE Linux Enterprise Module for Desktop Applications 15 SP6 SUSE Linux Enterprise Module for Desktop Applications 15 SP7 SUSE Linux Enterprise Server 15 SP2-LTSS SUSE Linux Enterprise Server 15 SP3-LTSS SUSE Linux Enterprise Server 15 SP4-LTSS SUSE Linux Enterprise Server 15 SP4-TERADATA SUSE Linux Enterprise Module for Basesystem 15 SP5 SUSE Linux Enterprise Module for Desktop Applications 15 SP6 SUSE Linux Enterprise Module for Desktop Applications 15 SP7 SUSE Linux Enterprise Server for SAP Applications 15 SP2 SUSE Linux Enterprise Server for SAP Applications 15 SP3 SUSE Linux Enterprise Server for SAP Applications 15 SP4 SUSE Linux Enterprise Module for Basesystem 15 SP5 SUSE Linux Enterprise Module for Desktop Applications 15 SP6 SUSE Linux Enterprise Module for Desktop Applications 15 SP7 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.5 openSUSE Leap 15.6 aom-tools-3.2.0-150400.3.6.1 aom-tools-3.7.1-150600.3.3.1 aom-tools-3.7.1-150600.3.5.1 libaom-devel-3.2.0-150400.3.6.1 libaom-devel-3.7.1-150600.3.3.1 libaom-devel-3.7.1-150600.3.5.1 libaom-devel-doc-3.2.0-150400.3.6.1 libaom-devel-doc-3.7.1-150600.3.3.1 libaom-devel-doc-3.7.1-150600.3.5.2 libaom0-1.0.0-150200.3.18.1 libaom3-3.2.0-150400.3.6.1 libaom3-3.7.1-150600.3.3.1 libaom3-32bit-3.2.0-150400.3.6.1 libaom3-32bit-3.7.1-150600.3.3.1 libaom3-32bit-3.7.1-150600.3.5.1 libaom3-3.7.1-150600.3.3.1 as a component of Container containers/open-webui:0.6.41-13.9 libaom0-1.0.0-150200.3.18.1 as a component of SUSE Enterprise Storage 7.1 libaom0-1.0.0-150200.3.18.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS libaom0-1.0.0-150200.3.18.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS libaom3-3.2.0-150400.3.6.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS libaom3-3.2.0-150400.3.6.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS libaom3-3.2.0-150400.3.6.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP5 libaom3-3.7.1-150600.3.3.1 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 SP6 aom-tools-3.7.1-150600.3.5.1 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 SP7 libaom-devel-3.7.1-150600.3.5.1 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 SP7 libaom-devel-doc-3.7.1-150600.3.5.2 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 SP7 libaom3-3.7.1-150600.3.3.1 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 SP7 libaom3-32bit-3.7.1-150600.3.5.1 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 SP7 libaom0-1.0.0-150200.3.18.1 as a component of SUSE Linux Enterprise Server 15 SP2-LTSS libaom0-1.0.0-150200.3.18.1 as a component of SUSE Linux Enterprise Server 15 SP3-LTSS libaom3-3.2.0-150400.3.6.1 as a component of SUSE Linux Enterprise Server 15 SP4-LTSS libaom3-3.2.0-150400.3.6.1 as a component of SUSE Linux Enterprise Server 15 SP4-TERADATA libaom0-1.0.0-150200.3.18.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP2 libaom0-1.0.0-150200.3.18.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP3 libaom3-3.2.0-150400.3.6.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP4 libaom3-3.2.0-150400.3.6.1 as a component of SUSE Manager Proxy 4.3 libaom3-3.2.0-150400.3.6.1 as a component of SUSE Manager Retail Branch Server 4.3 libaom3-3.2.0-150400.3.6.1 as a component of SUSE Manager Server 4.3 aom-tools-3.2.0-150400.3.6.1 as a component of openSUSE Leap 15.5 libaom-devel-3.2.0-150400.3.6.1 as a component of openSUSE Leap 15.5 libaom-devel-doc-3.2.0-150400.3.6.1 as a component of openSUSE Leap 15.5 libaom3-3.2.0-150400.3.6.1 as a component of openSUSE Leap 15.5 libaom3-32bit-3.2.0-150400.3.6.1 as a component of openSUSE Leap 15.5 aom-tools-3.7.1-150600.3.3.1 as a component of openSUSE Leap 15.6 libaom-devel-3.7.1-150600.3.3.1 as a component of openSUSE Leap 15.6 libaom-devel-doc-3.7.1-150600.3.3.1 as a component of openSUSE Leap 15.6 libaom3-3.7.1-150600.3.3.1 as a component of openSUSE Leap 15.6 libaom3-32bit-3.7.1-150600.3.3.1 as a component of openSUSE Leap 15.6 Integer overflow in libaom internal function img_alloc_helper can lead to heap buffer overflow. This function can be reached via 3 callers: * Calling aom_img_alloc() with a large value of the d_w, d_h, or align parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned aom_image_t struct may be invalid. * Calling aom_img_wrap() with a large value of the d_w, d_h, or align parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned aom_image_t struct may be invalid. * Calling aom_img_alloc_with_border() with a large value of the d_w, d_h, align, size_align, or border parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned aom_image_t struct may be invalid. CVE-2024-5171 Container containers/open-webui:0.6.41-13.9:libaom3-3.7.1-150600.3.3.1 SUSE Enterprise Storage 7.1:libaom0-1.0.0-150200.3.18.1 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:libaom0-1.0.0-150200.3.18.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libaom0-1.0.0-150200.3.18.1 SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libaom3-3.2.0-150400.3.6.1 SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libaom3-3.2.0-150400.3.6.1 SUSE Linux Enterprise Module for Basesystem 15 SP5:libaom3-3.2.0-150400.3.6.1 SUSE Linux Enterprise Module for Desktop Applications 15 SP6:libaom3-3.7.1-150600.3.3.1 SUSE Linux Enterprise Module for Desktop Applications 15 SP7:aom-tools-3.7.1-150600.3.5.1 SUSE Linux Enterprise Module for Desktop Applications 15 SP7:libaom-devel-3.7.1-150600.3.5.1 SUSE Linux Enterprise Module for Desktop Applications 15 SP7:libaom-devel-doc-3.7.1-150600.3.5.2 SUSE Linux Enterprise Module for Desktop Applications 15 SP7:libaom3-3.7.1-150600.3.3.1 SUSE Linux Enterprise Module for Desktop Applications 15 SP7:libaom3-32bit-3.7.1-150600.3.5.1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP7:aom-tools-3.7.1-150600.3.3.1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP7:libaom-devel-3.7.1-150600.3.3.1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP7:libaom-devel-doc-3.7.1-150600.3.3.1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP7:libaom0-1.0.0-150200.3.18.1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP7:libaom0-32bit-1.0.0-150200.3.18.1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP7:libaom3-32bit-3.7.1-150600.3.3.1 SUSE Linux Enterprise Server 15 SP2-LTSS:libaom0-1.0.0-150200.3.18.1 SUSE Linux Enterprise Server 15 SP3-LTSS:libaom0-1.0.0-150200.3.18.1 SUSE Linux Enterprise Server 15 SP4-LTSS:libaom3-3.2.0-150400.3.6.1 SUSE Linux Enterprise Server 15 SP4-TERADATA:libaom3-3.2.0-150400.3.6.1 SUSE Linux Enterprise Server for SAP Applications 15 SP2:libaom0-1.0.0-150200.3.18.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3:libaom0-1.0.0-150200.3.18.1 SUSE Linux Enterprise Server for SAP Applications 15 SP4:libaom3-3.2.0-150400.3.6.1 SUSE Manager Proxy 4.3:libaom3-3.2.0-150400.3.6.1 SUSE Manager Retail Branch Server 4.3:libaom3-3.2.0-150400.3.6.1 SUSE Manager Server 4.3:libaom3-3.2.0-150400.3.6.1 openSUSE Leap 15.5:aom-tools-3.2.0-150400.3.6.1 openSUSE Leap 15.5:libaom-devel-3.2.0-150400.3.6.1 openSUSE Leap 15.5:libaom-devel-doc-3.2.0-150400.3.6.1 openSUSE Leap 15.5:libaom3-3.2.0-150400.3.6.1 openSUSE Leap 15.5:libaom3-32bit-3.2.0-150400.3.6.1 openSUSE Leap 15.6:aom-tools-3.7.1-150600.3.3.1 openSUSE Leap 15.6:libaom-devel-3.7.1-150600.3.3.1 openSUSE Leap 15.6:libaom-devel-doc-3.7.1-150600.3.3.1 openSUSE Leap 15.6:libaom3-3.7.1-150600.3.3.1 openSUSE Leap 15.6:libaom3-32bit-3.7.1-150600.3.3.1 important 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H