CVE-2019-9325

medium

Description

In libvpx, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-112001302

References

http://www.openwall.com/lists/oss-security/2019/10/25/17

http://www.openwall.com/lists/oss-security/2019/10/27/1

https://source.android.com/security/bulletin/android-10

Details

Source: MITRE

Published: 2019-09-27

Updated: 2019-10-26

Type: CWE-125

Risk Information

CVSS v2

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3

Base Score: 6.5

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Impact Score: 3.6

Exploitability Score: 2.8

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 134967 | GLSA-202003-59 : libvpx: User-assisted execution of arbitrary code | Nessus | Gentoo Local Security Checks | high |
| 133253 | openSUSE Security Update : libvpx (openSUSE-2020-105) | Nessus | SuSE Local Security Checks | high |
| 133236 | Fedora 30 : libvpx (2020-6cd410d9e4) | Nessus | Fedora Local Security Checks | high |
| 133141 | SUSE SLED15 / SLES15 Security Update : libvpx (SUSE-SU-2020:0143-1) | Nessus | SuSE Local Security Checks | high |
| 132789 | Fedora 31 : libvpx (2020-65eac1b48b) | Nessus | Fedora Local Security Checks | high |
| 131439 | Debian DSA-4578-1 : libvpx - security update | Nessus | Debian Local Security Checks | high |
| 131314 | Ubuntu 16.04 LTS / 18.04 LTS / 19.04 : libvpx vulnerabilities (USN-4199-1) | Nessus | Ubuntu Local Security Checks | high |