Lucene search

Ubuntu.comUB:CVE-2019-9746

HistoryMar 13, 2019 - 12:00 a.m.

CVE-2019-9746

2019-03-1300:00:00

ubuntu.com

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

35.0%

JSON

In libwebm before 2019-03-08, a NULL pointer dereference caused by the
functions OutputCluster and OutputTracks in webm_info.cc will trigger an
abort, which allows a DoS attack, a similar issue to CVE-2018-19212.

Notes

Author	Note
mdeslaur	as of 2020-08-12, unfixed in chromium-browser webm_info.cc doesn’t look to be built in the Ubuntu chromium-browser packages, marking as not-affected

OSVersionArchitecturePackageVersionFilename
ubuntu16.04noarchoxide-qt< anyUNKNOWN
ubuntu18.04noarchqtwebengine-opensource-src< anyUNKNOWN
ubuntu20.04noarchqtwebengine-opensource-src< anyUNKNOWN
ubuntu22.04noarchqtwebengine-opensource-src< anyUNKNOWN
ubuntu23.10noarchqtwebengine-opensource-src< anyUNKNOWN
ubuntu24.04noarchqtwebengine-opensource-src< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	16.04	noarch	oxide-qt	< any	UNKNOWN
ubuntu	18.04	noarch	qtwebengine-opensource-src	< any	UNKNOWN
ubuntu	20.04	noarch	qtwebengine-opensource-src	< any	UNKNOWN
ubuntu	22.04	noarch	qtwebengine-opensource-src	< any	UNKNOWN
ubuntu	23.10	noarch	qtwebengine-opensource-src	< any	UNKNOWN
ubuntu	24.04	noarch	qtwebengine-opensource-src	< any	UNKNOWN

References

bugs.chromium.org/p/webm/issues/detail?id=1605

chromium.googlesource.com/webm/libwebm/+/2427abe0bde234987ed005a3adca461e9a85dfb7

github.com/webmproject/libwebm/commit/2427abe0bde234987ed005a3adca461e9a85dfb7

launchpad.net/bugs/cve/CVE-2019-9746

nvd.nist.gov/vuln/detail/CVE-2019-9746

security-tracker.debian.org/tracker/CVE-2019-9746

www.cve.org/CVERecord?id=CVE-2019-9746

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

35.0%

JSON

Related for UB:CVE-2019-9746