CVE-2020-0034
libvpx: Out of bounds read in vp8_decode_frame in decodeframe.c
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
In vp8_decode_frame of decodeframe.c, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure if error correction were turned on, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1Android ID: A-62458770
En la función vp8_decode_frame del archivo decodeframe.c, hay una posible lectura fuera de límites debido a una comprobación de entrada inapropiada. Esto podría conllevar a una divulgación de información remota si se activara una corrección de error, sin ser necesarios privilegios de ejecución adicionales. No es requerida una interacción del usuario para su explotación. Producto: Android, Versiones: Android-8.0 Android-8.1, ID de Android: A-62458770
CVSS Scores
SSVC
- Decision:-
Timeline
- 2019-10-17 CVE Reserved
- 2020-03-10 CVE Published
- 2024-01-13 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-125: Out-of-bounds Read
CAPEC
References (5)
| URL | Tag | Source |
|---|---|---|
| https://lists.debian.org/debian-lts-announce/2021/11/msg00024.html | Mailing List |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00048.html | 2021-11-29 | |
| https://source.android.com/security/bulletin/2020-03-01 | 2021-11-29 | |
| https://access.redhat.com/security/cve/CVE-2020-0034 | 2020-09-29 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1813000 | 2020-09-29 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Google Search vendor "Google" | Android Search vendor "Google" for product "Android" | 8.0 Search vendor "Google" for product "Android" and version "8.0" | - |
Affected
| ||||||
| Google Search vendor "Google" | Android Search vendor "Google" for product "Android" | 8.1 Search vendor "Google" for product "Android" and version "8.1" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0" | - |
Affected
| ||||||