CVE-2020-0034

Source
https://nvd.nist.gov/vuln/detail/CVE-2020-0034
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-0034.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2020-0034
Related
Published
2020-03-10T20:15:20Z
Modified
2024-09-11T04:31:59.485302Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

In vp8decodeframe of decodeframe.c, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure if error correction were turned on, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1Android ID: A-62458770

References

Affected packages

Alpine:v3.11 / libvpx

Package

Name
libvpx
Purl
pkg:apk/alpine/libvpx?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.8.2-r0

Affected versions

0.*

0.9.1-r0
0.9.2-r0
0.9.5-r0
0.9.6-r0
0.9.6-r1
0.9.7-r0
0.9.7_p1-r0

1.*

1.0.0-r0
1.1.0-r0
1.1.0-r1
1.2.0-r0
1.3.0-r0
1.3.0-r1
1.3.0-r2
1.4.0-r0
1.4.0-r1
1.5.0-r0
1.6.1-r0
1.6.1-r1
1.8.0-r0
1.8.1-r0

Debian:11 / libvpx

Package

Name
libvpx
Purl
pkg:deb/debian/libvpx?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.7.0-3

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / libvpx

Package

Name
libvpx
Purl
pkg:deb/debian/libvpx?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.7.0-3

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / libvpx

Package

Name
libvpx
Purl
pkg:deb/debian/libvpx?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.7.0-3

Ecosystem specific

{
    "urgency": "not yet assigned"
}