Your submission was sent successfully! Close

CVE-2020-0034

Published: 10 March 2020

In vp8_decode_frame of decodeframe.c, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure if error correction were turned on, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1Android ID: A-62458770

Priority

Low

CVSS 3 base score: 7.5

Status

Package Release Status
libvpx
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(1.7.0-3ubuntu0.18.04.1)
eoan Not vulnerable
(1.8.1-2)
focal Not vulnerable
(1.8.2-1)
groovy Not vulnerable
(1.8.2-1)
hirsute Not vulnerable
(1.8.2-1)
impish Not vulnerable
(1.8.2-1)
jammy Not vulnerable
(1.8.2-1)
kinetic Not vulnerable
(1.8.2-1)
precise Does not exist

trusty
Released (1.3.0-2ubuntu0.1~esm2)
upstream
Released (1.7.0-3)
xenial
Released (1.5.0-2ubuntu1.1+esm1)
Patches:
upstream: https://github.com/webmproject/libvpx/commit/45daecb4f73a47ab3236a29a3a48c52324cbf19a
vendor: https://android.googlesource.com/platform/external/libvpx/+/30d0c20d0d04151530de62df3937de27c4f204fd