In libvpx, there is a possible information disclosure due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Upstream issue: https://chromium-review.googlesource.com/c/webm/libvpx/%2B/1070753 Upstream patch: https://github.com/webmproject/libvpx/commit/52add5896661d186dec284ed646a4b33b607d2c7 References: http://www.openwall.com/lists/oss-security/2019/10/25/17 http://www.openwall.com/lists/oss-security/2019/10/27/1 http://www.openwall.com/lists/oss-security/2019/11/07/1
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:3876 https://access.redhat.com/errata/RHSA-2020:3876
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-9433
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:4629 https://access.redhat.com/errata/RHSA-2020:4629