ISN 2024-15: Libaom Vulnerability

First published 20 June 2024

CVSS 3.1: 8.4 (High)

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

A security vulnerability has been found in the Libaom multimedia library used in IGEL OS. This affects the following IGEL products:

  • IGEL OS 12

  • IGEL OS 11

Details

Libaom contains an integer overflow in the internal function img_alloc_helper, which can lead to a heap buffer overflow. Calling the function with large values may also cause further integer overflows in its calculations. The vulnerability may lead to arbitrary code execution and is rated High (CVE-2024-5171).
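The bug class described above, shown as an added example that is not Libaom's code: a buffer size computed from image dimensions in 32-bit arithmetic wraps to a small value, while a widened and checked computation rejects it. The function names, parameters and the stride/alignment formula are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical helper, NOT libaom code: size of one image plane computed
 * in 32-bit arithmetic. Large inputs wrap silently (unsigned wraparound). */
static uint32_t plane_size_unchecked(uint32_t w, uint32_t h,
                                     uint32_t bytes_per_sample, uint32_t align) {
    uint32_t stride = (w * bytes_per_sample + align - 1) & ~(align - 1);
    return stride * h;
}

/* Checked form: widen to 64 bits, validate every input, and refuse any
 * size that does not fit in size_t. Returns 0 on success, -1 on rejection. */
static int plane_size_checked(uint32_t w, uint32_t h, uint32_t bytes_per_sample,
                              uint32_t align, size_t *out) {
    if (w == 0 || h == 0 || bytes_per_sample == 0) return -1;
    if (align == 0 || (align & (align - 1)) != 0) return -1; /* power of two */
    uint64_t row = (uint64_t)w * bytes_per_sample;   /* < 2^64, no wrap */
    uint64_t stride = (row + align - 1) & ~((uint64_t)align - 1);
    if (stride > (uint64_t)SIZE_MAX / h) return -1;  /* stride * h would wrap */
    *out = (size_t)(stride * h);
    return 0;
}

/* Allocate only when the size computation succeeded. */
static void *plane_alloc(uint32_t w, uint32_t h, uint32_t bps, uint32_t align) {
    size_t n;
    return plane_size_checked(w, h, bps, align, &n) == 0 ? malloc(n) : NULL;
}

int main(void) {
    /* Constructed inputs: 65536 x 65536 samples of 1 byte each. */
    size_t n = 0;
    printf("unchecked: %u bytes\n",
           (unsigned)plane_size_unchecked(65536, 65536, 1, 1));
    int rc = plane_size_checked(65536, 65536, 1, 1, &n);
    printf("checked: rc=%d size=%zu\n", rc, n);
    void *p = plane_alloc(641, 480, 1, 32);  /* ordinary frame: succeeds */
    printf("641x480 alloc %s\n", p ? "ok" : "failed");
    free(p);
    return 0;
}
```

The unchecked result of 0 bytes for a 65536 x 65536 plane is what turns an integer overflow into a heap buffer overflow: the allocation is tiny, but later writes still use the full dimensions.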

Update Instructions

  • OS 12: Update to base system version 12.4.2 or newer.

  • OS 11: Update to the upcoming IGEL OS 11.10.150 or newer.
