In libvpx, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Upstream issue: https://chromium-review.googlesource.com/c/webm/libvpx/%2B/1395793 Upstream patch: https://github.com/webmproject/libvpx/commit/46e17f0cb4a80b36755c84b8bf15731d3386c08f References: http://www.openwall.com/lists/oss-security/2019/10/25/17 http://www.openwall.com/lists/oss-security/2019/10/27/1 http://www.openwall.com/lists/oss-security/2019/11/07/1
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:3876 https://access.redhat.com/errata/RHSA-2020:3876
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-9232
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:4629 https://access.redhat.com/errata/RHSA-2020:4629