Unrated severity · NVD Advisory · Published Dec 2, 2021 · Updated Aug 4, 2024

CVE-2020-36130

Description

AOM v2.0.1 was discovered to contain a NULL pointer dereference via the component av1/av1_dx_iface.c.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A NULL pointer dereference in AOM v2.0.1's AV1 decoder can be triggered by a crafted input, leading to denial of service.

Vulnerability

A NULL pointer dereference vulnerability exists in AOM (libaom) version 2.0.1 within the file av1/av1_dx_iface.c. The bug is reachable when the AV1 decoder processes a specially crafted bitstream, causing a NULL pointer to be dereferenced. This affects the AV1 decoder component of the library.

Exploitation

An attacker can exploit this vulnerability by providing a malicious AV1 bitstream to the decoder. No authentication is required if the decoder is exposed to untrusted input (e.g., via a media player or browser). User interaction may be needed to open the crafted file or stream, but no special privileges are necessary.

Impact

Successful exploitation results in a NULL pointer dereference, leading to a crash and denial of service. While the Gentoo security advisory [1] notes that among multiple vulnerabilities in libaom the worst can lead to remote code execution, for this specific CVE the impact is limited to denial of service.

Mitigation

The Gentoo security advisory [1] recommends upgrading to media-libs/libaom-3.2.0 or later. No workaround is available. Users should update their libaom installation to the fixed version.

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

6

Patches

0

No patches discovered yet.

References

4
