ISN 2024-15: Libaom Vulnerability

First published 20 June 2024

CVSS 3.1: 8.4 (High)

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

A security vulnerability has been found in the Libaom multimedia library used in IGEL OS. This affects the following IGEL products:

  • IGEL OS 12

  • IGEL OS 11

Details

Libaom contains an integer overflow in the internal function img_alloc_helper, which can lead to a heap buffer overflow. Also, calling it with large values may lead to further integer overflows in calculations. This may lead to arbitrary code execution and is rated as high (CVE-2024-5171).
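The bug class described above, as an added example that is not libaom's code: an image-plane size calculation done in 32-bit arithmetic next to a checked version. The function names, the alignment parameter and the 1 GiB cap are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumed policy cap for one plane (1 GiB); pick a limit that fits your product. */
#define PLANE_MAX_BYTES ((uint64_t)1 << 30)

/* Unchecked pattern: every step is 32-bit, so large inputs wrap silently.
 * Returns the byte count that would be handed to malloc(). */
uint32_t plane_size_unchecked(uint32_t w, uint32_t h, uint32_t align)
{
    uint32_t stride = (w + align - 1) & ~(align - 1); /* rounding can wrap */
    return stride * h;                                /* product can wrap */
}

/* Checked pattern: validate inputs, compute in 64 bits, enforce a cap.
 * Returns 0 and stores the size in *out, or -1 if the request is rejected. */
int plane_size_checked(uint32_t w, uint32_t h, uint32_t align, size_t *out)
{
    if (w == 0 || h == 0)
        return -1;
    if (align == 0 || (align & (align - 1)) != 0)     /* power of two only */
        return -1;
    if (w > UINT32_MAX - (align - 1))                 /* rounding would wrap */
        return -1;
    uint64_t stride = ((uint64_t)w + align - 1) & ~((uint64_t)align - 1);
    uint64_t total = stride * h;  /* both factors < 2^32, so no 64-bit wrap */
    if (total > PLANE_MAX_BYTES)
        return -1;
    *out = (size_t)total;
    return 0;
}

int main(void)
{
    /* Constructed dimensions: the true size is 0x100010000 bytes. */
    uint32_t w = 0x10001, h = 0x10000, align = 1;
    size_t n = 0;
    printf("unchecked size: %u bytes\n", (unsigned)plane_size_unchecked(w, h, align));
    printf("checked result: %d\n", plane_size_checked(w, h, align, &n));
    if (plane_size_checked(1920, 1080, 32, &n) == 0) {
        uint8_t *buf = malloc(n);   /* allocation uses the validated size */
        printf("1920x1080 plane: %zu bytes, alloc %s\n", n, buf ? "ok" : "failed");
        free(buf);
    }
    return 0;
}
```

The unchecked function reports a 65536-byte buffer for an image that needs over 4 GiB, which is how a wrapped size turns into a heap buffer overflow once the caller writes the full image.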

Update Instructions

  • OS 12: Update to base system version 12.4.2 or newer.

  • OS 11: Update to the upcoming IGEL OS 11.10.150 or newer.
