CVE-2021-30474: Use After Free

Reference Links

• https://aomedia.googlesource.com/aom/+/6e31957b6dc62dbc7d1bb70cd84902dd14c4bf2e
• https://bugs.chromium.org/p/aomedia/issues/detail?id=3000
• https://lists.debian.org/debian-lts-announce/2023/09/msg00003.html
• https://www.debian.org/security/2023/dsa-5490
• https://security.gentoo.org/glsa/202401-32
• https://launchpad.net/bugs/cve/CVE-2021-30474
• https://security-tracker.debian.org/tracker/CVE-2021-30474
• https://ubuntu.com/security/notices/USN-6447-1
• https://www.cve.org/CVERecord?id=CVE-2021-30474
• https://nvd.nist.gov/vuln/detail/CVE-2021-30474
• https://ubuntu.com/security/CVE-2021-30474

Parent vulnerabilities

(Appears in the following advisories)

• USN-6447-1

Frequently Asked Questions

• What is the vulnerability CVE-2021-30474?

  CVE-2021-30474 is a use-after-free vulnerability in libaom, allowing an attacker to execute arbitrary code or cause a denial of service.

• How severe is CVE-2021-30474?

  CVE-2021-30474 has a severity rating of 9.8 (Critical).

• What software is affected by CVE-2021-30474?

  Aomedia Aomedia versions up to and excluding 2021-03-30, and the debian/aom package versions 1.0.0-3, 1.0.0.errata1-3, 3.6.0-1, and 3.7.0~really3.6.1-1 are affected by CVE-2021-30474.

• How can I fix CVE-2021-30474?

  To fix CVE-2021-30474, update to a version of Aomedia Aomedia after 2021-03-30 or debian/aom package versions 1.0.0-3+, 1.0.0.errata1-3+, 3.6.0-1, or 3.7.0~really3.6.1-1.

• Where can I find more information about CVE-2021-30474?

  More information about CVE-2021-30474 can be found at the following references: - https://aomedia.googlesource.com/aom/+/6e31957b6dc62dbc7d1bb70cd84902dd14c4bf2e - https://bugs.chromium.org/p/aomedia/issues/detail?id=3000 - https://lists.debian.org/debian-lts-announce/2023/09/msg00003.html