CVE-2019-9746
https://notcve.org/view.php?id=CVE-2019-9746
In libwebm before 2019-03-08, a NULL pointer dereference caused by the functions OutputCluster and OutputTracks in webm_info.cc will trigger an abort, which allows a DoS attack, a similar issue to CVE-2018-19212.
• https://bugs.chromium.org/p/webm/issues/detail?id=1605
• https://chromium.googlesource.com/webm/libwebm/+/2427abe0bde234987ed005a3adca461e9a85dfb7
• CWE-476: NULL Pointer Dereference
CVE-2018-19212
https://notcve.org/view.php?id=CVE-2018-19212
In libwebm through 2018-10-03, there is an abort caused by libwebm::Webm2Pes::InitWebmParser() that will lead to a DoS attack.
• https://bugzilla.redhat.com/show_bug.cgi?id=1644196
• CWE-670: Always-Incorrect Control Flow Implementation
CVE-2018-6548
https://notcve.org/view.php?id=CVE-2018-6548
A use-after-free issue was discovered in libwebm through 2018-02-02. If a Vp9HeaderParser was initialized once before, its property frame_ would not be changed because of code in vp9parser::Vp9HeaderParser::SetFrame. Its frame_ could be freed while the corresponding pointer would not be updated, leading to a dangling pointer. This is related to the function OutputCluster in webm_info.cc.
• https://bugs.chromium.org/p/webm/issues/detail?id=1493
• https://github.com/dwfault/PoCs/blob/master/libwebm%20Vp9HeaderParser%20UAF%20by%20PrintVP9Info/libwebm%20Vp9HeaderParser%20UAF%20by%20PrintVP9Info.md
• CWE-416: Use After Free
CVE-2018-6406
https://notcve.org/view.php?id=CVE-2018-6406
The function ParseVP9SuperFrameIndex in common/libwebm_util.cc in libwebm through 2018-01-30 does not validate the child_frame_length data obtained from a .webm file, which allows remote attackers to cause an information leak or a denial of service (heap-based buffer over-read and later out-of-bounds write), or possibly have unspecified other impact.
• https://bugs.chromium.org/p/webm/issues/detail?id=1492
• https://github.com/dwfault/PoCs/blob/master/libwebm%20ParseVP9SuperFrameIndex%20memory%20corruption/libwebm%20ParseVP9SuperFrameIndex%20OOB%20read.md
• CWE-125: Out-of-bounds Read