CVE-2020-0034

November 28, 2021

In vp8_decode_frame of decodeframe.c, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure if error correction were turned on, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1Android ID: A-62458770

Summary:

In vp8_decode_frame of decodeframe.c, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure if error correction were turned on, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1Android ID: A-62458770

Reference Links(if available):

  • https://source.android.com/security/bulletin/2020-03-01
  • http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00048.html
  • https://lists.debian.org/debian-lts-announce/2021/11/msg00024.html

  • CVSS Score (if available)

    v2: / MEDIUMAV:N/AC:L/Au:N/C:C/I:N/A:N

    v3: / HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

    Links to Exploits(if available)

  • Tags: , , , ,

    You may have missed

    CISA Logo

    CISA: CISA Releases Three Industrial Control Systems Advisories

    April 25, 2024
    CISA Logo

    CISA: CISA Releases Four Industrial Control Systems Advisories

    April 25, 2024
    CISA Logo

    CISA: Oracle Releases Critical Patch Update Advisory for April 2024

    April 25, 2024
    CISA Logo

    CISA: Joint Guidance on Deploying AI Systems Securely

    April 25, 2024
    CISA Logo

    CISA: CISA and Partners Release Advisory on Akira Ransomware

    April 25, 2024