Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 798126 (CVE-2021-30473)

Summary: <media-libs/libaom-3.2.0: free()'s memory not located on the heap (CVE-2021-30473)
Product: Gentoo Security Reporter: John Helmert III <ajak>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: IN_PROGRESS ---    
Severity: normal CC: media-video
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://aomedia-review.googlesource.com/c/aom/+/134604
Whiteboard: ?? [glsa?]
Package list:
Runtime testing required: ---
Bug Depends on: 828112    
Bug Blocks:    

Description John Helmert III gentoo-dev Security 2021-06-24 00:41:18 UTC 
CVE-2021-30473:

aom_image.c in libaom in AOMedia before 2021-04-07 frees memory that is not located on the heap.
Comment 1 NATTkA bot gentoo-dev 2021-07-29 17:21:24 UTC Comment hidden (obsolete)
Comment 2 NATTkA bot gentoo-dev 2021-07-29 17:29:32 UTC Comment hidden (obsolete)
Comment 3 NATTkA bot gentoo-dev 2021-07-29 17:37:30 UTC Comment hidden (obsolete)
Comment 4 NATTkA bot gentoo-dev 2021-07-29 17:45:35 UTC Comment hidden (obsolete)
Comment 5 NATTkA bot gentoo-dev 2021-07-29 17:53:40 UTC Comment hidden (obsolete)
Comment 6 NATTkA bot gentoo-dev 2021-07-29 18:01:33 UTC Comment hidden (obsolete)
Comment 7 NATTkA bot gentoo-dev 2021-07-29 18:09:55 UTC 
Package list is empty or all packages have requested keywords.
Comment 8 Larry the Git Cow gentoo-dev 2021-12-24 06:14:15 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=628a37720393c8362cdecfaa9686e1e873f320c5

commit 628a37720393c8362cdecfaa9686e1e873f320c5
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2021-12-24 06:13:33 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2021-12-24 06:13:33 +0000

    media-libs/libaom: add 3.2.0
    
    Bug: https://bugs.gentoo.org/816027
    Bug: https://bugs.gentoo.org/828112
    Bug: https://bugs.gentoo.org/793932
    Bug: https://bugs.gentoo.org/798126
    Signed-off-by: Sam James <sam@gentoo.org>

 media-libs/libaom/Manifest            |  1 +
 media-libs/libaom/libaom-3.2.0.ebuild | 84 +++++++++++++++++++++++++++++++++++
 media-libs/libaom/libaom-9999.ebuild  | 13 ++++--
 3 files changed, 95 insertions(+), 3 deletions(-)
Comment 9 Larry the Git Cow gentoo-dev 2022-01-09 15:48:27 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8b879fded0dc01423d42526dbab7e9f66eefedbc

commit 8b879fded0dc01423d42526dbab7e9f66eefedbc
Author:     Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2022-01-09 15:26:41 +0000
Commit:     Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2022-01-09 15:48:04 +0000

    media-libs/libaom: Cleanup vulnerable 2.0.0, 2.0.1 and 3.1.2
    
    Bug: https://bugs.gentoo.org/828112
    Bug: https://bugs.gentoo.org/793932
    Bug: https://bugs.gentoo.org/798126
    Package-Manager: Portage-3.0.30, Repoman-3.0.3
    Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>

 media-libs/libaom/Manifest                         |   3 -
 media-libs/libaom/files/libaom-1.0.0-armv7l.patch  |  13 ---
 .../libaom/files/libaom-1.0.0-update-vsx-ppc.patch | 126 ---------------------
 media-libs/libaom/files/libaom-1.0.0-version.patch |  10 --
 media-libs/libaom/files/libdirpc2.patch            |  48 --------
 media-libs/libaom/files/pthread_lib2.patch         |  14 ---
 media-libs/libaom/libaom-2.0.0.ebuild              |  76 -------------
 media-libs/libaom/libaom-2.0.1.ebuild              |  76 -------------
 media-libs/libaom/libaom-3.1.2.ebuild              |  76 -------------
 9 files changed, 442 deletions(-)