CVE-2023-39616
CVE Details
Visit the official vulnerability details page for CVE-2023-39616 to learn more.
Initial Publication
01/20/2025
Last Update
09/02/2025
Third Party Dependency
libaom3
NIST CVE Summary
AOMedia v3.0.0 to v3.5.0 was discovered to contain an invalid read memory access via the component assign_frame_buffer_p in av1/common/av1_common_int.h.
CVE Severity
Our Official Summary
This is a high-severity vulnerability affecting libaom, the reference AV1 video codec library developed by the Alliance for Open Media. This issue arises from an invalid memory read in the assign_frame_buffer_p function within the av1/common/av1_common_int.h file. Exploitation of this vulnerability could lead to application crashes or unauthorized access to memory contents, potentially resulting in a denial of service (DoS) or information disclosure.
The risk of exploitation is low for our products because an attacker has to gain privileged access to the container and run code on the container to be able to exploit this. The probability of exploitation is very low. If a fix becomes available upstream, it will be adopted to fix this vulnerability.
Status
Ongoing
Affected Products & Versions
Version | Palette Enterprise | Palette Enterprise Airgap | VerteX | VerteX Airgap |
---|---|---|---|---|
4.7.16 | ⚠️ Impacted | ✅ No Impact | ⚠️ Impacted | ✅ No Impact |
4.6.41 | ⚠️ Impacted | ✅ No Impact | ⚠️ Impacted | ✅ No Impact |
4.5.22 | ⚠️ Impacted | ✅ No Impact | ⚠️ Impacted | ✅ No Impact |
Revision History
Date | Revision |
---|---|
05/29/2025 | Status changed from Open to Ongoing |
05/29/2025 | Official summary added |