UBUNTU-CVE-2020-0034

Source
https://ubuntu.com/security/CVE-2020-0034
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2020/UBUNTU-CVE-2020-0034.json
JSON Data
https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2020-0034
Related
Published
2020-03-10T20:15:00Z
Modified
2024-11-20T12:24:27Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

In vp8decodeframe of decodeframe.c, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure if error correction were turned on, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1Android ID: A-62458770

References

Affected packages

Ubuntu:Pro:14.04:LTS / libvpx

Package

Name
libvpx
Purl
pkg:deb/ubuntu/libvpx?arch=src?distro=trusty/esm

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.3.0-2ubuntu0.1~esm2

Affected versions

1.*

1.2.0-2
1.3.0-1
1.3.0-2
1.3.0-2ubuntu0.1~esm1

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
    "ubuntu_priority": "low",
    "binaries": [
        {
            "binary_version": "1.3.0-2ubuntu0.1~esm2",
            "binary_name": "libvpx-dev"
        },
        {
            "binary_version": "1.3.0-2ubuntu0.1~esm2",
            "binary_name": "libvpx-dev-dbgsym"
        },
        {
            "binary_version": "1.3.0-2ubuntu0.1~esm2",
            "binary_name": "libvpx-doc"
        },
        {
            "binary_version": "1.3.0-2ubuntu0.1~esm2",
            "binary_name": "libvpx1"
        },
        {
            "binary_version": "1.3.0-2ubuntu0.1~esm2",
            "binary_name": "libvpx1-dbg"
        },
        {
            "binary_version": "1.3.0-2ubuntu0.1~esm2",
            "binary_name": "libvpx1-dbgsym"
        },
        {
            "binary_version": "1.3.0-2ubuntu0.1~esm2",
            "binary_name": "vpx-tools"
        },
        {
            "binary_version": "1.3.0-2ubuntu0.1~esm2",
            "binary_name": "vpx-tools-dbgsym"
        }
    ]
}

Ubuntu:Pro:16.04:LTS / libvpx

Package

Name
libvpx
Purl
pkg:deb/ubuntu/libvpx?arch=src?distro=esm-infra/xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.5.0-2ubuntu1.1+esm1

Affected versions

1.*

1.4.0-4
1.5.0-2
1.5.0-2ubuntu1
1.5.0-2ubuntu1.1

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
    "ubuntu_priority": "low",
    "binaries": [
        {
            "binary_version": "1.5.0-2ubuntu1.1+esm1",
            "binary_name": "libvpx-dev"
        },
        {
            "binary_version": "1.5.0-2ubuntu1.1+esm1",
            "binary_name": "libvpx-dev-dbgsym"
        },
        {
            "binary_version": "1.5.0-2ubuntu1.1+esm1",
            "binary_name": "libvpx-doc"
        },
        {
            "binary_version": "1.5.0-2ubuntu1.1+esm1",
            "binary_name": "libvpx3"
        },
        {
            "binary_version": "1.5.0-2ubuntu1.1+esm1",
            "binary_name": "libvpx3-dbg"
        },
        {
            "binary_version": "1.5.0-2ubuntu1.1+esm1",
            "binary_name": "libvpx3-dbgsym"
        },
        {
            "binary_version": "1.5.0-2ubuntu1.1+esm1",
            "binary_name": "vpx-tools"
        },
        {
            "binary_version": "1.5.0-2ubuntu1.1+esm1",
            "binary_name": "vpx-tools-dbgsym"
        }
    ]
}

Ubuntu:18.04:LTS / libvpx

Package

Name
libvpx
Purl
pkg:deb/ubuntu/libvpx?arch=src?distro=bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.7.0-3ubuntu0.18.04.1

Affected versions

1.*

1.6.1-3
1.7.0-3

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "low",
    "binaries": [
        {
            "binary_version": "1.7.0-3ubuntu0.18.04.1",
            "binary_name": "libvpx-dev"
        },
        {
            "binary_version": "1.7.0-3ubuntu0.18.04.1",
            "binary_name": "libvpx-doc"
        },
        {
            "binary_version": "1.7.0-3ubuntu0.18.04.1",
            "binary_name": "libvpx5"
        },
        {
            "binary_version": "1.7.0-3ubuntu0.18.04.1",
            "binary_name": "libvpx5-dbgsym"
        },
        {
            "binary_version": "1.7.0-3ubuntu0.18.04.1",
            "binary_name": "vpx-tools"
        },
        {
            "binary_version": "1.7.0-3ubuntu0.18.04.1",
            "binary_name": "vpx-tools-dbgsym"
        }
    ]
}

Ubuntu:20.04:LTS / libvpx

Package

Name
libvpx
Purl
pkg:deb/ubuntu/libvpx?arch=src?distro=focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.8.2-1

Affected versions

1.*

1.8.1-2

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "low",
    "binaries": [
        {
            "binary_version": "1.8.2-1",
            "binary_name": "libvpx-dev"
        },
        {
            "binary_version": "1.8.2-1",
            "binary_name": "libvpx-doc"
        },
        {
            "binary_version": "1.8.2-1",
            "binary_name": "libvpx6"
        },
        {
            "binary_version": "1.8.2-1",
            "binary_name": "libvpx6-dbgsym"
        },
        {
            "binary_version": "1.8.2-1",
            "binary_name": "vpx-tools"
        },
        {
            "binary_version": "1.8.2-1",
            "binary_name": "vpx-tools-dbgsym"
        }
    ]
}