This is a summary of the AI-generated 10-question deep analysis. The full version (longer answers, follow-up Q&A, related CVEs) requires login. Read the full analysis β
Q1What is this vulnerability? (Essence + Consequences)
π¨ **Essence**: AOMedia v3.7.1 has an input validation error. π **Consequence**: Upgrading video frame resolution during multi-threaded encoding triggers a **Heap Overflow** in `av1_loop_restoration_dealloc()`.β¦
π‘οΈ **Root Cause**: **CWE-20** (Improper Input Validation). The software fails to properly validate inputs when handling resolution changes in a multi-threaded context, leading to memory corruption.
Q3Who is affected? (Versions/Components)
π¦ **Affected**: **libaom** (AOMedia library). π **Version**: All versions **prior to v3.7.1**. π’ **Vendor**: AOMedia Organization.
Q4What can hackers do? (Privileges/Data)
π΅οΈ **Attacker Actions**: Since CVSS is **High** (AV:N/PR:N), attackers can exploit this remotely without authentication. π― **Impact**: Full compromise!β¦
π« **Public Exploit**: **No**. The `pocs` field is empty. π **References**: Links point to Fedora package announcements and the official v3.7.1 release tag. No wild exploits or PoCs are currently public.
Q7How to self-check? (Features/Scanning)
π **Self-Check**: Scan for **libaom** versions < 3.7.1. π‘ **Features**: Look for applications using AOMedia for video encoding.β¦
π₯ **Urgency**: **HIGH**. π **CVSS**: 9.8 (Critical). π¨ **Priority**: Patch immediately. Even though AC is High, the lack of auth and high impact makes this a critical risk for any service processing video streams.