CVE-2019-2126

high
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

In ParseContentEncodingEntry of mkvparser.cc, there is a possible double free due to a missing reset of a freed pointer. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-127702368.

References

https://source.android.com/security/bulletin/2019-08-01

https://usn.ubuntu.com/4199-1/

Details

Source: MITRE

Published: 2019-08-20

Updated: 2019-11-25

Type: CWE-415

Risk Information

CVSS v2

Base Score: 9.3

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 8.6

Severity: HIGH

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 2.8

Severity: HIGH

Tenable Plugins

View all (10 total)

IDNameProductFamilySeverity
147382NewStart CGSL MAIN 6.02 : libvpx Multiple Vulnerabilities (NS-SA-2021-0060)NessusNewStart CGSL Local Security Checks
high
146031CentOS 8 : libvpx (CESA-2020:4629)NessusCentOS Local Security Checks
high
142773Oracle Linux 8 : libvpx (ELSA-2020-4629)NessusOracle Linux Local Security Checks
high
142413RHEL 8 : libvpx (RHSA-2020:4629)NessusRed Hat Local Security Checks
high
139970EulerOS 2.0 SP8 : libvpx (EulerOS-SA-2020-1867)NessusHuawei Local Security Checks
high
133253openSUSE Security Update : libvpx (openSUSE-2020-105)NessusSuSE Local Security Checks
high
133236Fedora 30 : libvpx (2020-6cd410d9e4)NessusFedora Local Security Checks
high
133141SUSE SLED15 / SLES15 Security Update : libvpx (SUSE-SU-2020:0143-1)NessusSuSE Local Security Checks
high
132789Fedora 31 : libvpx (2020-65eac1b48b)NessusFedora Local Security Checks
high
131314Ubuntu 16.04 LTS / 18.04 LTS / 19.04 : libvpx vulnerabilities (USN-4199-1)NessusUbuntu Local Security Checks
high