Bug 651213 (CVE-2010-4203)

Summary: CVE-2010-4203 libvpx: memory corruption flaw
Product: [Other] Security Response Reporter: Vincent Danen <vdanen>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: bressers, jrb, ohudlick, tcallawa
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-03-28 22:20:16 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On: 652440, 652441, 652443    
Bug Blocks:    

Description Vincent Danen 2010-11-09 01:04:53 UTC 
A recent Google Chrome update indicated there was a memory corruption flaw in libvpx [1].

Upstream changes to correct the flaw are here:

https://review.webmproject.org/#change,928
http://review.webmproject.org/#change,1098

(the second is to fix some regressions introduced by the first patch, by the looks of things).

libvpx seems to only be used, currently, by gstreamer-plugins-bad-free.

[1] http://googlechromereleases.blogspot.com/2010/11/stable-channel-update.html
Comment 2 Vincent Danen 2010-11-09 22:04:34 UTC 
Common Vulnerabilities and Exposures assigned an identifier CVE-2010-4203 to
the following vulnerability:

Name: CVE-2010-4203
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4203
Assigned: 20101105
Reference: CONFIRM: http://code.google.com/p/chromium/issues/detail?id=60055
Reference: CONFIRM: http://googlechromereleases.blogspot.com/2010/11/stable-channel-update.html

WebM libvpx (aka the VP8 Codec SDK), as used in Google Chrome before
7.0.517.44, allows remote attackers to cause a denial of service
(memory corruption) or possibly have unspecified other impact via
unknown vectors.
Comment 4 Josh Bressers 2010-11-11 16:02:32 UTC 
The first patchset is applied in F14, the second is not. Given this reproducer doesn't work in F14, I suspect the flaw is fixed there. We should still try to get the second patchset applied though.
Comment 6 Josh Bressers 2010-11-11 21:01:40 UTC 
Created libvpx tracking bugs for this issue

Affects: fedora-all [bug 652443]
Comment 8 errata-xmlrpc 2010-12-20 17:47:43 UTC 
This issue has been addressed in following products:

  Red Hat Enterprise Linux 6

Via RHSA-2010:0999 https://rhn.redhat.com/errata/RHSA-2010-0999.html