CVE-2021-30473

Reference Links

• https://aomedia.googlesource.com/aom/+/4efe20e99dcd9b6f8eadc8de8acc825be7416578
• https://bugs.chromium.org/p/aomedia/issues/detail?id=2998
• https://lists.debian.org/debian-lts-announce/2023/09/msg00003.html
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXCI33HXH6YSOGC2LPE2REQLMIDH6US4/
• https://www.debian.org/security/2023/dsa-5490
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZXCI33HXH6YSOGC2LPE2REQLMIDH6US4/
• https://security.gentoo.org/glsa/202401-32
• https://launchpad.net/bugs/cve/CVE-2021-30473
• https://aomedia.googlesource.com/aom/+/d0cac70b542c38accd916f8afd13592d34c48963%5E%21/
• https://security-tracker.debian.org/tracker/CVE-2021-30473
• https://ubuntu.com/security/notices/USN-6447-1
• https://www.cve.org/CVERecord?id=CVE-2021-30473
• https://nvd.nist.gov/vuln/detail/CVE-2021-30473
• https://ubuntu.com/security/CVE-2021-30473

Parent vulnerabilities

(Appears in the following advisories)

• USN-6447-1

Frequently Asked Questions

• What is CVE-2021-30473?

  CVE-2021-30473 is a vulnerability in libaom that allows an attacker to free memory that is not located on the heap, potentially leading to a crash or arbitrary code execution.

• What is the severity of CVE-2021-30473?

  CVE-2021-30473 has a severity rating of 9.8 (Critical).

• Which software are affected by CVE-2021-30473?

  The following software versions are affected by CVE-2021-30473: Aomedia before 2021-04-07, Fedora 34, debian/aom up to version 1.0.0-3, and ubuntu/aom on focal.

• How can the CVE-2021-30473 vulnerability be exploited?

  An attacker can exploit CVE-2021-30473 by manipulating memory outside the allocated heap to cause a crash or execute arbitrary code.

• How can I fix CVE-2021-30473?

  To fix CVE-2021-30473, it is recommended to update to the latest version of the affected software or apply the provided patches from the respective vendors and maintainers.