Skip to main content
Version: latest

CVE-2023-39616

CVE Details

Visit the official vulnerability details page for CVE-2023-39616 to learn more.

Initial Publication

01/20/2025

Last Update

09/02/2025

Third Party Dependency

libaom3

NIST CVE Summary

AOMedia v3.0.0 to v3.5.0 was discovered to contain an invalid read memory access via the component assign_frame_buffer_p in av1/common/av1_common_int.h.

CVE Severity

7.5

Our Official Summary

This is a high-severity vulnerability affecting libaom, the reference AV1 video codec library developed by the Alliance for Open Media. This issue arises from an invalid memory read in the assign_frame_buffer_p function within the av1/common/av1_common_int.h file. Exploitation of this vulnerability could lead to application crashes or unauthorized access to memory contents, potentially resulting in a denial of service (DoS) or information disclosure.

Risk of exploitation is low for our products as attacker has to gain privilged access to the container and run code on the container to be able to exploit this. Probability of exploitation is very low. If a fix becomes available upstream, that will be adopted to fix this vulnerability.

Status

Ongoing

Affected Products & Versions

VersionPalette EnterprisePalette Enterprise AirgapVerteXVerteX Airgap
4.7.16⚠️ Impacted✅ No Impact⚠️ Impacted✅ No Impact
4.6.41⚠️ Impacted✅ No Impact⚠️ Impacted✅ No Impact
4.5.22⚠️ Impacted✅ No Impact⚠️ Impacted✅ No Impact

Revision History

DateRevision
05/29/2025Status changed from Open to Ongoing
05/29/2025Official summary added