CVE-2020-36135
Description
AOM v2.0.1 was discovered to contain a NULL pointer dereference via the component rate_hist.c.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A NULL pointer dereference in AOM v2.0.1's rate_hist.c allows denial of service via crafted input.
Vulnerability
A NULL pointer dereference vulnerability exists in AOM (libaom) version 2.0.1 within the rate_hist.c component [1]. The issue occurs when processing certain input that leads to a null pointer being dereferenced, causing a crash.
Exploitation
An attacker can exploit this vulnerability by providing a specially crafted AV1 bitstream or other input that triggers the vulnerable code path in rate_hist.c. No authentication is required if the attacker can supply input to an application using libaom. The exact trigger conditions are not detailed in the available references.
Impact
Successful exploitation results in a denial of service (DoS) due to the NULL pointer dereference, causing the application to crash. The Gentoo advisory notes that multiple vulnerabilities in libaom could lead to remote code execution, but for this specific CVE, the impact is limited to a crash [1].
Mitigation
The vulnerability is fixed in libaom version 3.2.0 and later. Users should upgrade to at least that version. The Gentoo security advisory recommends updating to >=media-libs/libaom-3.2.0 [1]. No workaround is available.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (6)
- AOM/AOM (source: description)
- OSV coordinates (4 versions):
  - pkg:rpm/opensuse/libaom&distro=openSUSE%20Leap%2015.2
  - pkg:rpm/opensuse/libaom&distro=openSUSE%20Leap%2015.3
  - pkg:rpm/suse/libaom&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP2
  - pkg:rpm/suse/libaom&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP3
  affected range: < 1.0.0-lp152.3.9.1 (+ 3 more)
- (no CPE) range: < 1.0.0-lp152.3.9.1
- (no CPE) range: < 1.0.0-3.9.1
- (no CPE) range: < 1.0.0-3.9.1
- (no CPE) range: < 1.0.0-3.9.1
Patches (0)
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References (4)
- security.gentoo.org/glsa/202401-32 (mitre; vendor-advisory)
- www.debian.org/security/2023/dsa-5490 (mitre; vendor-advisory)
- lists.debian.org/debian-lts-announce/2023/09/msg00003.html (mitre; mailing-list)
- bugs.chromium.org/p/aomedia/issues/detail (mitre)
News mentions (0)
No linked articles in our index yet.