aom_image.c in libaom in AOMedia before 2021-04-07 frees memory that is not located on the heap. https://aomedia.googlesource.com/aom/+/4efe20e99dcd9b6f8eadc8de8acc825be7416578 https://bugs.chromium.org/p/aomedia/issues/detail?id=2998
Created aom tracking bugs for this issue: Affects: epel-all [bug 1961377] Affects: fedora-all [bug 1961376]
I'm in the process of updating AOM to version 3.1.1, when it is released. I am also considering waiting for libjxl to be packaged and for its dependency highway to have its remaining bugs fixed (hopefully within the next two weeks). libjxl provides the tune=butteraugli function. See: - https://bugs.chromium.org/p/aomedia/issues/detail?id=3056 - https://bugzilla.redhat.com/show_bug.cgi?id=1922638 - https://github.com/google/highway/issues/93 - https://github.com/google/highway/issues/194
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.