1486854 – (CVE-2017-0641) CVE-2017-0641 libvpx: Weak limit for frames

Bug 1486854 (CVE-2017-0641) - CVE-2017-0641 libvpx: Weak limit for frames

Summary: CVE-2017-0641 libvpx: Weak limit for frames

Keywords:
Status:	CLOSED WONTFIX
Alias:	CVE-2017-0641
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1486855
Blocks:	1486856
TreeView+	depends on / blocked

Reported:	2017-08-30 15:58 UTC by Andrej Nemec
Modified:	2019-09-29 14:19 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2017-08-31 06:07:12 UTC
Embargoed:

Attachments	(Terms of Use)

Description Andrej Nemec 2017-08-30 15:58:45 UTC

A denial of service vulnerability in libvpx in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot.

References:

https://android.googlesource.com/platform/external/libvpx/+/698796fc930baecf5c3fdebef17e73d5d9a58bcb

Comment 1 Andrej Nemec 2017-08-30 15:59:18 UTC

Created libvpx tracking bugs for this issue:

Affects: fedora-all [bug 1486855]

Comment 2 Huzaifa S. Sidhpurwala 2017-08-31 06:07:12 UTC

Analysis:

This is essentially an application crash caused due to parsing large files. The patch ensures that when libvpx is compiled it can only process smaller files.

Note You need to log in before you can comment on or make changes to this bug.