#19873 closed enhancement (fixed)
libvpx-1.14.1
| Reported by: | Bruce Dubbs | Owned by: | Bruce Dubbs |
|---|---|---|---|
| Priority: | elevated | Milestone: | 12.2 |
| Component: | BOOK | Version: | git |
| Severity: | normal | Keywords: | |
| Cc: |
Description
New point version.
Change History (5)
comment:1 by , 4 weeks ago
| Priority: | normal → elevated |
|---|
comment:2 by , 4 weeks ago
| Owner: | changed from to |
|---|---|
| Status: | new → assigned |
comment:3 by , 4 weeks ago
2024-05-21 v1.14.1 "Venetian Duck"
This release includes enhancements and bug fixes.
- Upgrading: This release is ABI compatible with the previous release.
- Enhancement: Improved the detection of compiler support for AArch64 extensions, particularly SVE.
Added vpx_codec_get_global_headers() support for VP9.
- Bug fixes:
- Added buffer bounds checks to vpx_writer and vpx_write_bit_buffer.
- Fix to GetSegmentationData() crash in aq_mode=0 for RTC rate control.
- Fix to alloc for row_base_thresh_freq_fac.
- Free row mt memory before freeing cpi->tile_data.
- Fix to buffer alloc for vp9_bitstream_worker_data.
- Fix to VP8 race issue for multi-thread with pnsr_calc.
- Fix to uv width/height in vp9_scale_and_extend_frame_ssse3.
- Fix to integer division by zero and overflow in calc_pframe_target_size().
- Fix to integer overflow in vpx_img_alloc() & vpx_img_wrap()(CVE-2024-5197).
- Fix to UBSan error in vp9_rc_update_framerate().
- Fix to UBSan errors in vp8_new_framerate().
- Fix to integer overflow in vp8 encodeframe.c.
- Handle EINTR from sem_wait().
comment:4 by , 4 weeks ago
| Resolution: | → fixed |
|---|---|
| Status: | assigned → closed |
Fixed at commits
313e38af66 Update to libcap-2.70. 473f5696e5 Update to wayland-1.23.0. fe221a224d Update to ruby-3.3.2. f53c7acf46 Update to libvpx-1.14.1.
comment:5 by , 3 weeks ago
Details are now available for the vulnerability, so SA-12.1-056 has been issued
Note:
See TracTickets
for help on using tickets.
Fixes CVE-2024-5197