Fluid Attacks Database

Description

In libvpx, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-122675483

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
alpine v3.11	libvpx	=0.9.1-r0 \|\| =0.9.2-r0 \|\| =0.9.5-r0 \|\| =0.9.6-r0 \|\| =0.9.6-r1 \|\| =0.9.7-r0 \|\| =0.9.7_p1-r0 \|\| =1.0.0-r0 \|\| =1.1.0-r0 \|\| =1.1.0-r1 \|\| =1.2.0-r0 \|\| =1.3.0-r0 \|\| =1.3.0-r1 \|\| =1.3.0-r2 \|\| =1.4.0-r0 \|\| =1.4.0-r1 \|\| =1.5.0-r0 \|\| =1.6.1-r0 \|\| =1.6.1-r1 \|\| =1.8.0-r0 \|\| >=0 <1.8.1-r0	1.8.1-r0
debian 12	libvpx	>=0 <1.8.1-2	1.8.1-2
debian 13	libvpx	>=0 <1.8.1-2	1.8.1-2
debian 14	libvpx	>=0 <1.8.1-2	1.8.1-2
debian 11	libvpx	>=0 <1.8.1-2	1.8.1-2
rpm rhel6	libvpx	-	-
rpm rhel7	libvpx	<0:1.3.0-8.el7	0:1.3.0-8.el7
rpm rhel8	libvpx	<0:1.7.0-8.el8	0:1.7.0-8.el8

Aliases

1. CVE-2019-92322. NVD-2019-92323. OSV-ALPINE-2019-92324. OSV-2019-92325. OSV-DEBIAN-2019-92326. SECURITY-CVE-2019-92327. SECURITY-TRACKER-CVE-2019-9232

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.