CVE-2017-13194 in Ubuntu

CVE-2017-13194

Priority

Description

A vulnerability in the Android media framework (libvpx) related to odd
frame width. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1.
Android ID: A-64710201.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13194
https://android.googlesource.com/platform/external/libvpx/+/55cd1dd7c8d0a3de907d22e0f12718733f4e41d9
https://source.android.com/security/bulletin/pixel/2018-01-01
https://ubuntu.com/security/notices/USN-4199-1
https://ubuntu.com/security/notices/USN-4199-2

Assigned-to

mdeslaur

Notes

leosilva

code in trusty is quite different needs to be tested with the POC
if possible.

Package

Source: libvpx (LP Ubuntu Debian)

Upstream:	released (1.3.0-3+deb8u1, 1.7.0-2)
Ubuntu 18.04 LTS:	not-affected (1.7.0-3)
Ubuntu 20.04 LTS:	not-affected (1.7.0-3)
Ubuntu 16.04 ESM:	released (1.5.0-2ubuntu1.1)
Ubuntu 14.04 ESM:	released (1.3.0-2ubuntu0.1~esm1)

Patches:

Upstream:	https://github.com/webmproject/libvpx/commit/5a40c8fde11bf82cccb5bd2f57c46ab5e6262cbf
Upstream:	https://github.com/webmproject/libvpx/commit/33c598990bc771d7367fe6282bd445e92cd856a6

More Information

Updated: 2022-04-13 12:54:41 UTC (commit f411bd370d482ef4385c4e751d121a4055fbc009)