Candidate: CVE-2020-0034
PublicDate: 2020-03-10 20:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0034
Description:
 In vp8_decode_frame of decodeframe.c, there is a possible out of bounds
 read due to improper input validation. This could lead to remote
 information disclosure if error correction were turned on, with no
 additional execution privileges needed. User interaction is not needed for
 exploitation.Product: AndroidVersions: Android-8.0 Android-8.1Android ID:
 A-62458770
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: low
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N [7.5 HIGH]


Patches_libvpx:
 upstream: https://github.com/webmproject/libvpx/commit/45daecb4f73a47ab3236a29a3a48c52324cbf19a
 vendor: https://android.googlesource.com/platform/external/libvpx/+/30d0c20d0d04151530de62df3937de27c4f204fd
upstream_libvpx: released (1.7.0-3)
precise/esm_libvpx: DNE
trusty_libvpx: ignored (out of standard support)
trusty/esm_libvpx: needed
xenial_libvpx: ignored (end of standard support, was needed)
esm-infra/xenial_libvpx: needed
bionic_libvpx: not-affected (1.7.0-3ubuntu0.18.04.1)
eoan_libvpx: not-affected (1.8.1-2)
focal_libvpx: not-affected (1.8.2-1)
groovy_libvpx: not-affected (1.8.2-1)
hirsute_libvpx: not-affected (1.8.2-1)
impish_libvpx: not-affected (1.8.2-1)
jammy_libvpx: not-affected (1.8.2-1)
devel_libvpx: not-affected (1.8.2-1)