CVE-2020-0034

Summary

CVE	CVE-2020-0034
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2020-03-10 20:15:00 UTC
Updated	2021-11-29 17:26:00 UTC
Description	In vp8_decode_frame of decodeframe.c, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure if error correction were turned on, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1Android ID: A-62458770

Risk And Classification

Problem Types: CWE-125

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Debian	Debian Linux	9.0	All	All	All
Operating System	Google	Android	8.0	All	All	All
Operating System	Google	Android	8.1	All	All	All
Operating System	Google	Android	8.0	All	All	All
Operating System	Google	Android	8.1	All	All	All

References

Reference	Source	Link	Tags
[SECURITY] [DLA 2829-1] libvpx security update	MLIST	lists.debian.org
Android Security Bulletin—March 2020 \| Android Open Source Project	MISC	source.android.com	Vendor Advisory
[security-announce] openSUSE-SU-2020:0680-1: moderate: Security update f	SUSE	lists.opensuse.org
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

178912 Debian Security Update for libvpx (DLA 2829-1)
377252 Alibaba Cloud Linux Security Update for libvpx (ALINUX2-SA-2020:0127)
501070 Alpine Linux Security Update for libvpx
751550 SUSE Enterprise Linux Security Update for libvpx (SUSE-SU-2021:4168-1)