{"id":"AZL-42963","summary":"CVE-2024-5197 affecting package libvpx 1.13.1-1","details":"There exist integer overflows in libvpx in versions prior to 1.14.1. Calling vpx_img_alloc() with a large value of the d_w, d_h, or align parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned vpx_image_t struct may be invalid. Calling vpx_img_wrap() with a large value of the d_w, d_h, or stride_align parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned vpx_image_t struct may be invalid. We recommend upgrading to version 1.14.1 or beyond.","modified":"2026-04-01T05:14:56.132476Z","published":"2024-06-03T14:15:09Z","upstream":["CVE-2024-5197"],"references":[{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-5197"}],"affected":[{"package":{"name":"libvpx","ecosystem":"Azure Linux:3","purl":"pkg:rpm/azure-linux/libvpx"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"last_affected":"1.13.1-1"}]}],"database_specific":{"source":"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-42963.json"}}],"schema_version":"1.7.5"}