CVE-2023-6879
Severity: CRITICAL
WAF: Medium
CVSS 9.8
Published: 2023-12-27
CWE-20
Increasing the resolution of video frames, while performing a multi-threaded encode, can result in a heap overflow in av1_loop_restoration_dealloc().
WAF Coverage Analysis
Improper Input Validation
Medium WAF Coverage
OWASP: A03:2021 Injection
- 920xxx - Protocol Enforcement
- 941xxx - XSS / XXE
- 942xxx - SQL Injection
Affected Software
| Vendor | Product | Version |
|---|---|---|
| aomedia | aomedia | up to 3.7.1 |
| fedoraproject | fedora | 38 |
| fedoraproject | fedora | 39 |
References
- aomedia.googlesource.com (Patch)
- crbug.com (Exploit, Issue Tracking, Mailing List, Patch, Third Party Advisory)
- lists.fedoraproject.org (Mailing List, Third Party Advisory)
- lists.fedoraproject.org (Mailing List, Third Party Advisory)