CVE-2020-0034 — Out-of-bounds Read in Google Android

CWE-125 — Out-of-bounds Read CWE-20 — Improper Input Validation10 documents9 sources

Severity

7.5HIGHNVD

EPSS

4.5%

top 10.85%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Webmproject Libvpx Google Android Debian Linux

Timeline

PublishedMar 10

Latest updateSep 26

Description

In vp8_decode_frame of decodeframe.c, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure if error correction were turned on, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1Android ID: A-62458770

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

▶CVEListV5google/androidAndroid-8.0 Android-8.1

▶NVDgoogle/android8.0, 8.1+1

▶Debianwebmproject/libvpx< 1.7.0-3+3

Also affects: Debian Linux 9.0

🔴Vulnerability Details

GHSA

GHSA-96m3-53rw-386g: In vp8_decode_frame of decodeframe↗2022-05-24

▶

CVEList

CVE-2020-0034: In vp8_decode_frame of decodeframe↗2020-03-10

▶

OSV

CVE-2020-0034: In vp8_decode_frame of decodeframe↗2020-03-10

▶

📋Vendor Advisories

Ubuntu

libvpx vulnerability↗2022-09-26

▶

Red Hat

libvpx: Out of bounds read in vp8_decode_frame in decodeframe.c↗2020-03-02

▶

Android

CVE-2020-0034: Android Security Bulletin 2020-03-01 CVE: CVE-2020-0034 Severity: HIGH Type: ID Affected AOSP versions: 8↗2020-03-01

▶

Debian

CVE-2020-0034: libvpx - In vp8_decode_frame of decodeframe.c, there is a possible out of bounds read due...↗2020

▶

💬Community

Bugzilla

CVE-2020-0034 libvpx: Out of bounds read in vp8_decode_frame in decodeframe.c↗2020-03-12

▶

Bugzilla

CVE-2020-0034 libvpx: out-of-bounds read in vp8_decode_frame in decodeframe.c [fedora-all]↗2020-03-12

▶