CVE-2020-36133
Description
AOM v2.0.1 was discovered to contain a global buffer overflow via the component av1/encoder/partition_search.h.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A global buffer overflow in the encoder component `av1/encoder/partition_search.h` of AOM (libaom) v2.0.1 is reachable with crafted input and can lead to remote code execution in the application that links the library.
Vulnerability
A global buffer overflow exists in AOM (libaom) version 2.0.1 in the encoder component av1/encoder/partition_search.h. When the encoder processes specially crafted input, an access runs past the end of a global (statically allocated) buffer; the public description does not say whether the out-of-bounds access is a read or a write. Version 2.0.1 is the release named in the report; the Gentoo advisory treats every release before 3.2.0 as affected and 3.2.0 as the first fixed version [1].
Exploitation
The overflow is triggered by feeding crafted input to an application that runs the vulnerable libaom encoder. Because the affected file lives under av1/encoder/, the code path is reached while encoding, so the attacker controls the material being encoded (for example, a video or image submitted to a transcoding or upload service) rather than a bitstream being decoded. libaom itself requires no authentication; whether the attack is remote depends on whether the application encodes untrusted input received over the network. The public description does not give the exact input conditions that reach the partition search code.
Impact
Successful exploitation corrupts memory adjacent to the affected global buffer, that is, other static data of the process. The outcome ranges from a crash (denial of service) to control of program flow and remote code execution in the context of the application that uses libaom. The Gentoo security advisory lists this CVE among those that can result in RCE [1], and Debian's advisory describes the same batch of libaom issues as allowing arbitrary code execution or denial of service when a malformed file is processed.
Mitigation
The vulnerability is fixed in libaom version 3.2.0 and later, and there is no known workaround, so upgrading is the only remedy [1]. On Gentoo, run `emerge --sync` and then `emerge --ask --oneshot --verbose ">=media-libs/libaom-3.2.0"` [1]. Debian shipped fixed packages through DSA-5490 and, for LTS, the September 2023 debian-lts-announce update. Applications that bundle or statically link libaom (common in media tooling) carry their own copy of the library and must be rebuilt or updated separately; upgrading the system package does not reach them.
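To check whether a host's shared libaom is older than the fixed release named above, here is an added example script; it is not from the advisory or the libaom project. It assumes the installed library registers itself with pkg-config under the module name `aom` (the aom.pc file libaom installs) and compares dotted version numbers field by field:

```shell
#!/bin/sh
# Added example, not libaom or Gentoo code: flag a libaom install older than
# the release the advisory treats as fixed. Assumes pkg-config knows the
# library as "aom" (from the aom.pc that libaom installs).

FIXED_VERSION="3.2.0"   # first fixed release per the Gentoo advisory

# version_ge A B: exit 0 if dotted version A >= B, 1 otherwise.
# Each field is compared numerically, so 3.10.0 > 3.9.0. Trailing
# non-digits in a field ("1-r1", "0+dfsg", "0~rc1") are dropped, so a
# pre-release string such as 3.2.0~rc1 is reported as fixed; treat
# such strings with suspicion.
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        if (a == "") exit 1
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            xi = (i <= na) ? x[i] + 0 : 0   # "+0" keeps the numeric prefix
            yi = (i <= nb) ? y[i] + 0 : 0
            if (xi > yi) exit 0
            if (xi < yi) exit 1
        }
        exit 0
    }'
}

# libaom_status VERSION: print "fixed" or "vulnerable" for a version string.
libaom_status() {
    if version_ge "$1" "$FIXED_VERSION"; then
        echo "fixed"
    else
        echo "vulnerable"
    fi
}

# installed_libaom_version: ask pkg-config; prints nothing if no shared libaom
# is visible. Bundled or statically linked copies inside applications are
# not seen here and must be checked separately.
installed_libaom_version() {
    pkg-config --modversion aom 2>/dev/null
}

# main: exit 1 only when a visible libaom is vulnerable, 0 otherwise.
main() {
    v="$(installed_libaom_version)"
    if [ -z "$v" ]; then
        echo "no shared libaom visible to pkg-config; check bundled copies manually" >&2
        return 0
    fi
    status="$(libaom_status "$v")"
    echo "libaom $v: $status (fixed in >= $FIXED_VERSION)"
    [ "$status" = "fixed" ]
}

main "$@"
```

The script only looks at the copy pkg-config can see; for containers or media applications that vendor libaom, run the version comparison against the version string those builds report.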
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- AOM/AOM (vendor/product, taken from the description)
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
- [1] security.gentoo.org/glsa/202401-32 (vendor advisory, via MITRE)
- [2] www.debian.org/security/2023/dsa-5490 (vendor advisory, via MITRE)
- [3] lists.debian.org/debian-lts-announce/2023/09/msg00003.html (mailing list, via MITRE)
- [4] bugs.chromium.org/p/aomedia/issues/detail (issue tracker, via MITRE; recorded without an issue id)
News mentions
No linked articles in our index yet.