AomediaCVEs & Vulnerabilities
15 CVEs affecting Aomedia products, tracked from the National Vulnerability Database, with CVSS/EPSS scores and exploitation status.
Most Affected Products
In libavif before 1.3.0, avifImageRGBToYUV in reformat.c has integer overflows in multiplications involving rgbRowBytes, yRowBytes, uRowBytes, and vRowBytes.
In libavif before 1.3.0, makeRoom in stream.c has an integer overflow and resultant buffer overflow in stream->offset+size.
Integer overflow in libaom internal function img_alloc_helper can lead to heap buffer overflow. This function can be reached via 3 callers: * Calling aom_img_alloc() with a large value of the d_w, d_h, or align parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned aom_image_t struct may be invalid. * Calling aom_img_wrap() with a large value of the d_w, d_h, or align parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned aom_image_t struct may be invalid. * Calling aom_img_alloc_with_border() with a large value of the d_w, d_h, align, size_align, or border parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned aom_image_t struct may be invalid.
Increasing the resolution of video frames, while performing a multi-threaded encode, can result in a heap overflow in av1_loop_restoration_dealloc().
AOMedia v3.0.0 to v3.5.0 was discovered to contain an invalid read memory access via the component assign_frame_buffer_p in av1/common/av1_common_int.h.
AOM v2.0.1 was discovered to contain a NULL pointer dereference via the component rate_hist.c.
AOM v2.0.1 was discovered to contain a segmentation violation via the component aom_dsp/x86/obmc_sad_avx2.c.
AOM v2.0.1 was discovered to contain a global buffer overflow via the component av1/encoder/partition_search.h.
AOM v2.0.1 was discovered to contain a stack buffer overflow via the component stats/rate_hist.c.
AOM v2.0.1 was discovered to contain a NULL pointer dereference via the component av1/av1_dx_iface.c.
AOM v2.0.1 was discovered to contain a stack buffer overflow via the component src/aom_image.c.
libavif 0.8.0 and 0.8.1 has an out-of-bounds write in avifDecoderDataFillImageGrid.
aom_dsp/noise_model.c in libaom in AOMedia before 2021-03-24 has a buffer overflow.
aom_dsp/grain_table.c in libaom in AOMedia before 2021-03-30 has a use-after-free.
aom_image.c in libaom in AOMedia before 2021-04-07 frees memory that is not located on the heap.