Lucene search

K
centosCentOS ProjectCESA-2020:3876
HistoryOct 20, 2020 - 6:26 p.m.

libvpx security update

2020-10-2018:26:54
CentOS Project
lists.centos.org
133

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.8 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:C/I:N/A:N

0.011 Low

EPSS

Percentile

84.5%

CentOS Errata and Security Advisory CESA-2020:3876

The libvpx packages provide the VP8 SDK, which allows the encoding and decoding of the VP8 video codec, commonly used with the WebM multimedia container file format.

Security Fix(es):

  • libvpx: Denial of service in mediaserver (CVE-2017-0393)

  • libvpx: Out of bounds read in vp8_norm table (CVE-2019-9232)

  • libvpx: Use-after-free in vp8_deblock() in vp8/common/postproc.c (CVE-2019-9433)

  • libvpx: Out of bounds read in vp8_decode_frame in decodeframe.c (CVE-2020-0034)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-cr-announce/2020-October/032835.html

Affected packages:
libvpx
libvpx-devel
libvpx-utils

Upstream details at:
https://access.redhat.com/errata/RHSA-2020:3876

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.8 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:C/I:N/A:N

0.011 Low

EPSS

Percentile

84.5%