libvpx-1.7.0-8.el8
エラータID: AXSA:2021-1123:01
The libvpx packages provide the VP8 SDK, which allows the encoding and decoding of the VP8 video codec, commonly used with the WebM multimedia container file format.
Security Fix(es):
* libvpx: Double free in ParseContentEncodingEntry() in mkvparser.cc (CVE-2019-2126)
* libvpx: Out of bounds read in vp8_norm table (CVE-2019-9232)
* libvpx: Resource exhaustion after memory leak in mkvparser.cc (CVE-2019-9371)
* libvpx: Use-after-free in vp8_deblock() in vp8/common/postproc.c (CVE-2019-9433)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
CVE-2019-2126
In ParseContentEncodingEntry of mkvparser.cc, there is a possible double free due to a missing reset of a freed pointer. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-127702368.
CVE-2019-9232
In libvpx, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-122675483
CVE-2019-9371
In libvpx, there is a possible resource exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-132783254
CVE-2019-9433
In libvpx, there is a possible information disclosure due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-80479354
Update packages.
In ParseContentEncodingEntry of mkvparser.cc, there is a possible double free due to a missing reset of a freed pointer. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-127702368.
In libvpx, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-122675483
In libvpx, there is a possible resource exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-132783254
In libvpx, there is a possible information disclosure due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-80479354
N/A
SRPMS
- libvpx-1.7.0-8.el8.src.rpm
MD5: 1f6cb44612aefb4d9c73dec5c2df25ef
SHA-256: 8a8a130affae947497f33b85a0de3a35d766457df1f6b903fc0275a9d5cb221b
Size: 2.57 MB
Asianux Server 8 for x86_64
- libvpx-1.7.0-8.el8.x86_64.rpm
MD5: 51292f1efa7eabd13286b5d9e22d2f53
SHA-256: 9e8cdbe32b5b65ad313c5e279f814a07db2086ff1b99397cab51e6941f13a01b
Size: 852.68 kB - libvpx-1.7.0-8.el8.i686.rpm
MD5: 2495fecd7e5a200e0f2caa9af08483bb
SHA-256: 66c10f67837b0972b7857ac38e7db462997c5145c029b2d263ae95b4e34cfaf9
Size: 883.95 kB