A denial of service vulnerability in libvpx in Mediaserver could enable a remote attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Reference: https://android.googlesource.com/platform/external/libvpx/+/6886e8e0a9db2dbad723dc37a548233e004b33bc https://source.android.com/security/bulletin/2017-01-01.html
Created libvpx tracking bugs for this issue: Affects: fedora-all [bug 1769658]
Upstream bug: https://bugs.chromium.org/p/webm/issues/detail?id=851 (which contains a reproducer)
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:3876 https://access.redhat.com/errata/RHSA-2020:3876
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2017-0393