Unrated severityNVD Advisory· Published Mar 10, 2020· Updated Aug 4, 2024
CVE-2020-0034
CVE-2020-0034
Description
In vp8_decode_frame of decodeframe.c, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure if error correction were turned on, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1Android ID: A-62458770
Affected products
13- Android/Androiddescription
- osv-coords12 versionspkg:rpm/opensuse/libvpx&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/libvpx&distro=openSUSE%20Tumbleweedpkg:rpm/suse/libvpx&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1pkg:rpm/suse/libvpx&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP2pkg:rpm/suse/libvpx&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP1pkg:rpm/suse/libvpx&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP2pkg:rpm/suse/libvpx&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP1pkg:rpm/suse/libvpx&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP2pkg:rpm/suse/libvpx&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/libvpx&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/libvpx&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5pkg:rpm/suse/libvpx&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP5
< 1.6.1-lp151.5.6.1+ 11 more
- (no CPE)range: < 1.6.1-lp151.5.6.1
- (no CPE)range: < 1.11.0-3.1
- (no CPE)range: < 1.6.1-6.6.8
- (no CPE)range: < 1.6.1-6.6.8
- (no CPE)range: < 1.6.1-6.6.8
- (no CPE)range: < 1.6.1-6.6.8
- (no CPE)range: < 1.6.1-6.6.8
- (no CPE)range: < 1.6.1-6.6.8
- (no CPE)range: < 1.3.0-3.9.1
- (no CPE)range: < 1.3.0-3.9.1
- (no CPE)range: < 1.3.0-3.9.1
- (no CPE)range: < 1.3.0-3.9.1
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3- lists.opensuse.org/opensuse-security-announce/2020-05/msg00048.htmlmitrevendor-advisoryx_refsource_SUSE
- lists.debian.org/debian-lts-announce/2021/11/msg00024.htmlmitremailing-listx_refsource_MLIST
- source.android.com/security/bulletin/2020-03-01mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.