CVE-2023-6879

CVE Details

Visit the official vulnerability details page for CVE-2023-6879 to learn more.

Initial Publication

01/20/2025

Last Update

02/26/2025

Third Party Dependency

libaom3

NIST CVE Summary

Increasing the resolution of video frames, while performing a multi-threaded encode, can result in a heap overflow in av1_loop_restoration_dealloc().

CVE Severity

9.8

Our Official Summary

This is a critical vulnerability identified in the AOMedia Video 1 (AV1) codec library, libaom. This flaw arises when increasing the resolution of video frames during a multi-threaded encoding process, leading to a heap overflow in the av1_loop_restoration_dealloc() function. Exploitation of this vulnerability could allow an attacker to execute arbitrary code or cause a denial of service by crashing the application.

The images in which this vulnerability is present have controls in place and are not accessible from outside the cluster, so an attacker needs to gain privileged access to the cluster to attempt this exploit. The containers also do not allow execution of arbitrary code. The impact of this exploit is also low, since the container reduces the attack surface.

Status

Ongoing

Affected Products & Versions

| Version | Palette Enterprise | Palette Enterprise Airgap | VerteX | VerteX Airgap |
| --- | --- | --- | --- | --- |
| 4.6.7 | ⚠️ Impacted | ✅ No Impact | ⚠️ Impacted | ✅ No Impact |
| 4.6.6 | ⚠️ Impacted | ✅ No Impact | ⚠️ Impacted | ✅ No Impact |
| 4.5.22 | ⚠️ Impacted | ✅ No Impact | ⚠️ Impacted | ✅ No Impact |
| 4.5.21 | ⚠️ Impacted | ✅ No Impact | ⚠️ Impacted | ✅ No Impact |
| 4.5.20 | ⚠️ Impacted | ✅ No Impact | ⚠️ Impacted | ✅ No Impact |

Revision History

| Date | Revision |
| --- | --- |
| 02/26/2025 | Status changed from Open to Ongoing |
| 02/26/2025 | Official summary added |
| 02/21/2025 | Impacted versions changed from 4.5.20, 4.5.21, 4.5.22, 4.6.6 to 4.5.20, 4.5.21, 4.5.22, 4.6.6, 4.6.7 |
| 02/17/2025 | Impacted versions changed from 4.5.20, 4.5.21, 4.5.22 to 4.5.20, 4.5.21, 4.5.22, 4.6.6 |
| 02/14/2025 | Impacted versions changed from 4.5.20, 4.5.21 to 4.5.20, 4.5.21, 4.5.22 |
| 02/05/2025 | Impacted versions changed from 4.5.20 to 4.5.20, 4.5.21 |