In ParseContentEncodingEntry of mkvparser.cc, there is a possible double free due to a missing reset of a freed pointer. Upstream patch: https://github.com/webmproject/libvpx/commit/6a7c84a2449dcc70de2525df209afea908622399 References: http://www.openwall.com/lists/oss-security/2019/10/25/17 http://www.openwall.com/lists/oss-security/2019/10/27/1 http://www.openwall.com/lists/oss-security/2019/11/07/1
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-2126
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:4629 https://access.redhat.com/errata/RHSA-2020:4629