1813000 – (CVE-2020-0034) CVE-2020-0034 libvpx: Out of bounds read in vp8_decode_frame in decodeframe.c

Bug 1813000 (CVE-2020-0034) - CVE-2020-0034 libvpx: Out of bounds read in vp8_decode_frame in decodeframe.c

Summary: CVE-2020-0034 libvpx: Out of bounds read in vp8_decode_frame in decodeframe.c

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2020-0034
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1813001 1823909
Blocks:	1813002
TreeView+	depends on / blocked

Reported:	2020-03-12 17:06 UTC by Guilherme de Almeida Suckevicz
Modified:	2021-02-16 20:28 UTC (History)
CC List:	1 user (show)
Fixed In Version:	libvpx 1.7.0
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2020-09-29 22:00:07 UTC
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2020:3876	0	None	None	None	2020-09-29 19:29:12 UTC

Description Guilherme de Almeida Suckevicz 2020-03-12 17:06:53 UTC

In vp8_decode_frame of decodeframe.c, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure if error correction were turned on, with no additional execution privileges needed. User interaction is not needed for exploitation.

Reference:
https://source.android.com/security/bulletin/2020-03-01

Comment 1 Guilherme de Almeida Suckevicz 2020-03-12 17:10:48 UTC

Created libvpx tracking bugs for this issue:

Affects: fedora-all [bug 1813001]

Comment 2 Marco Benatto 2020-04-14 19:05:20 UTC

Statement:

The version shipped with Red Hat Enterprse Linux 8 already contains the commit which fix this issue, thus this version is not affected.

Comment 4 Marco Benatto 2020-04-14 19:07:26 UTC

External References:

https://source.android.com/security/bulletin/2020-03-01

Comment 5 Marco Benatto 2020-04-14 19:08:14 UTC

Upstream commit for this issue:
https://github.com/webmproject/libvpx/commit/45daecb4f73a47ab3236a29a3a48c52324cbf19a

Comment 6 errata-xmlrpc 2020-09-29 19:29:11 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2020:3876 https://access.redhat.com/errata/RHSA-2020:3876

Comment 7 Product Security DevOps Team 2020-09-29 22:00:07 UTC

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2020-0034

Note You need to log in before you can comment on or make changes to this bug.