CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-9746
https://notcve.org/view.php?id=CVE-2019-9746
13 Mar 2019 — In libwebm before 2019-03-08, a NULL pointer dereference caused by the functions OutputCluster and OutputTracks in webm_info.cc will trigger an abort, which allows a DoS attack, a similar issue to CVE-2018-19212. En libwebm, en CVErsiones anteriores al 08/03/2019, una desreferencia de puntero NULL provocada por las funciones OutputCluster y OutputTracks en webm_info.cc desencadenarán una aborción, lo que permite un ataque de denegación de servicio. Este problema es similar a CCVE-2018-19212. • https://bugs.chromium.org/p/webm/issues/detail?id=1605 • CWE-476: NULL Pointer Dereference •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2018-19212
https://notcve.org/view.php?id=CVE-2018-19212
12 Nov 2018 — In libwebm through 2018-10-03, there is an abort caused by libwebm::Webm2Pes::InitWebmParser() that will lead to a DoS attack. En libwebm hasta el 2018-10-03, hay un aborto provocado por libwebm::Webm2Pes::InitWebmParser() que conducirá a un ataque de denegación de servicio (DoS). • https://bugzilla.redhat.com/show_bug.cgi?id=1644196 • CWE-670: Always-Incorrect Control Flow Implementation •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-6548
https://notcve.org/view.php?id=CVE-2018-6548
02 Feb 2018 — A use-after-free issue was discovered in libwebm through 2018-02-02. If a Vp9HeaderParser was initialized once before, its property frame_ would not be changed because of code in vp9parser::Vp9HeaderParser::SetFrame. Its frame_ could be freed while the corresponding pointer would not be updated, leading to a dangling pointer. This is related to the function OutputCluster in webm_info.cc. Se ha descubierto una vulnerabilidad de uso de memoria previamente liberada en libwebm hasta el 02-02-2018. • https://bugs.chromium.org/p/webm/issues/detail?id=1493 • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-6406
https://notcve.org/view.php?id=CVE-2018-6406
30 Jan 2018 — The function ParseVP9SuperFrameIndex in common/libwebm_util.cc in libwebm through 2018-01-30 does not validate the child_frame_length data obtained from a .webm file, which allows remote attackers to cause an information leak or a denial of service (heap-based buffer over-read and later out-of-bounds write), or possibly have unspecified other impact. La función ParseVP9SuperFrameIndex en common/libwebm_util.cc en libwebm, hasta la versión 2018-01-30, no valida los datos child_frame_length obtenidos de un ar... • https://bugs.chromium.org/p/webm/issues/detail?id=1492 • CWE-125: Out-of-bounds Read •