Vulnerability-Lookup

CVE-2019-9433 (GCVE-0-2019-9433)

Vulnerability from cvelistv5 – Published: 2019-09-27 18:05 – Updated: 2024-08-04 21:46

Summary

In libvpx, there is a possible information disclosure due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-80479354

Severity ?

No CVSS data available.

CWE

Information disclosure

Assigner

google_android

References

13 references

URL	Tags
https://source.android.com/security/bulletin/android-10	x_refsource_MISC
http://www.openwall.com/lists/oss-security/2019/1…	mailing-listx_refsource_MLIST
http://www.openwall.com/lists/oss-security/2019/10/27/1	mailing-listx_refsource_MLIST
http://www.openwall.com/lists/oss-security/2019/11/07/1	mailing-listx_refsource_MLIST
https://usn.ubuntu.com/4199-1/	vendor-advisoryx_refsource_UBUNTU
https://lists.debian.org/debian-lts-announce/2019…	mailing-listx_refsource_MLIST
https://seclists.org/bugtraq/2019/Nov/43	mailing-listx_refsource_BUGTRAQ
https://www.debian.org/security/2019/dsa-4578	vendor-advisoryx_refsource_DEBIAN
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
https://security.gentoo.org/glsa/202003-59	vendor-advisoryx_refsource_GENTOO
https://usn.ubuntu.com/4199-2/	vendor-advisoryx_refsource_UBUNTU

Impacted products

1 product

Vendor	Product	Version
n/a	Android	Affected: Android-10

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T21:46:30.345Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://source.android.com/security/bulletin/android-10"
          },
          {
            "name": "[oss-security] 20191025 Security fixes from Android 10 release which are relevant outside the Android ecosystem?",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2019/10/25/17"
          },
          {
            "name": "[oss-security] 20191026 Re: Security fixes from Android 10 release which are relevant outside the Android ecosystem?",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2019/10/27/1"
          },
          {
            "name": "[oss-security] 20191107 Re: Security fixes from Android 10 release which are relevant outside the Android ecosystem?",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2019/11/07/1"
          },
          {
            "name": "USN-4199-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4199-1/"
          },
          {
            "name": "[debian-lts-announce] 20191126 [SECURITY] [DLA 2012-1] libvpx security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00030.html"
          },
          {
            "name": "20191128 [SECURITY] [DSA 4578-1] libvpx security update",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/Nov/43"
          },
          {
            "name": "DSA-4578",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2019/dsa-4578"
          },
          {
            "name": "FEDORA-2020-65eac1b48b",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U2IIA3RSYABBUCFIHXIRVUT5CTJVWWZ6/"
          },
          {
            "name": "FEDORA-2020-6cd410d9e4",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DQSTK442ATWJOR4TU3MR6C3N5A6NDFFN/"
          },
          {
            "name": "openSUSE-SU-2020:0105",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00049.html"
          },
          {
            "name": "GLSA-202003-59",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202003-59"
          },
          {
            "name": "USN-4199-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4199-2/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Android",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Android-10"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In libvpx, there is a possible information disclosure due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-80479354"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Information disclosure",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-07-23T23:06:11.000Z",
        "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
        "shortName": "google_android"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://source.android.com/security/bulletin/android-10"
        },
        {
          "name": "[oss-security] 20191025 Security fixes from Android 10 release which are relevant outside the Android ecosystem?",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2019/10/25/17"
        },
        {
          "name": "[oss-security] 20191026 Re: Security fixes from Android 10 release which are relevant outside the Android ecosystem?",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2019/10/27/1"
        },
        {
          "name": "[oss-security] 20191107 Re: Security fixes from Android 10 release which are relevant outside the Android ecosystem?",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2019/11/07/1"
        },
        {
          "name": "USN-4199-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4199-1/"
        },
        {
          "name": "[debian-lts-announce] 20191126 [SECURITY] [DLA 2012-1] libvpx security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00030.html"
        },
        {
          "name": "20191128 [SECURITY] [DSA 4578-1] libvpx security update",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2019/Nov/43"
        },
        {
          "name": "DSA-4578",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2019/dsa-4578"
        },
        {
          "name": "FEDORA-2020-65eac1b48b",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U2IIA3RSYABBUCFIHXIRVUT5CTJVWWZ6/"
        },
        {
          "name": "FEDORA-2020-6cd410d9e4",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DQSTK442ATWJOR4TU3MR6C3N5A6NDFFN/"
        },
        {
          "name": "openSUSE-SU-2020:0105",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00049.html"
        },
        {
          "name": "GLSA-202003-59",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202003-59"
        },
        {
          "name": "USN-4199-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4199-2/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@android.com",
          "ID": "CVE-2019-9433",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Android",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Android-10"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In libvpx, there is a possible information disclosure due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-80479354"
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Information disclosure"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://source.android.com/security/bulletin/android-10",
              "refsource": "MISC",
              "url": "https://source.android.com/security/bulletin/android-10"
            },
            {
              "name": "[oss-security] 20191025 Security fixes from Android 10 release which are relevant outside the Android ecosystem?",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2019/10/25/17"
            },
            {
              "name": "[oss-security] 20191026 Re: Security fixes from Android 10 release which are relevant outside the Android ecosystem?",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2019/10/27/1"
            },
            {
              "name": "[oss-security] 20191107 Re: Security fixes from Android 10 release which are relevant outside the Android ecosystem?",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2019/11/07/1"
            },
            {
              "name": "USN-4199-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4199-1/"
            },
            {
              "name": "[debian-lts-announce] 20191126 [SECURITY] [DLA 2012-1] libvpx security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00030.html"
            },
            {
              "name": "20191128 [SECURITY] [DSA 4578-1] libvpx security update",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2019/Nov/43"
            },
            {
              "name": "DSA-4578",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2019/dsa-4578"
            },
            {
              "name": "FEDORA-2020-65eac1b48b",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U2IIA3RSYABBUCFIHXIRVUT5CTJVWWZ6/"
            },
            {
              "name": "FEDORA-2020-6cd410d9e4",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DQSTK442ATWJOR4TU3MR6C3N5A6NDFFN/"
            },
            {
              "name": "openSUSE-SU-2020:0105",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00049.html"
            },
            {
              "name": "GLSA-202003-59",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202003-59"
            },
            {
              "name": "USN-4199-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4199-2/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
    "assignerShortName": "google_android",
    "cveId": "CVE-2019-9433",
    "datePublished": "2019-09-27T18:05:18.000Z",
    "dateReserved": "2019-02-28T00:00:00.000Z",
    "dateUpdated": "2024-08-04T21:46:30.345Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2019-9433",
      "date": "2026-05-20",
      "epss": "0.08604",
      "percentile": "0.92513"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D558D965-FA70-4822-A770-419E73BA9ED3\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B620311B-34A3-48A6-82DF-6F078D7A4493\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"97A4B8DF-58DA-4AB6-A1F9-331B36409BA3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"80F0FA5D-8D3B-4C0E-81E2-87998286AF33\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DEECE5FC-CACF-4496-A3E7-164736409252\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*\", \"matchCriteriaId\": \"815D70A8-47D3-459C-A32C-9FEACA0659D1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*\", \"matchCriteriaId\": \"7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*\", \"matchCriteriaId\": \"23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CD783B0C-9246-47D9-A937-6144FE8BFF0F\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"In libvpx, there is a possible information disclosure due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-80479354\"}, {\"lang\": \"es\", \"value\": \"En libvpx, se presenta una posible divulgaci\\u00f3n de informaci\\u00f3n debido a una comprobaci\\u00f3n de entrada inapropiada. Esto podr\\u00eda conllevar a una divulgaci\\u00f3n de informaci\\u00f3n remota sin ser necesarios privilegios de ejecuci\\u00f3n adicionales. Es requerida una interacci\\u00f3n del usuario para su explotaci\\u00f3n. Producto: Android, Versiones: Android-10, ID de Android: A-80479354\"}]",
      "id": "CVE-2019-9433",
      "lastModified": "2024-11-21T04:51:38.090",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N\", \"baseScore\": 6.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:N/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2019-09-27T19:15:29.000",
      "references": "[{\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00049.html\", \"source\": \"security@android.com\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2019/10/25/17\", \"source\": \"security@android.com\", \"tags\": [\"Mailing List\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2019/10/27/1\", \"source\": \"security@android.com\", \"tags\": [\"Mailing List\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2019/11/07/1\", \"source\": \"security@android.com\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2019/11/msg00030.html\", \"source\": \"security@android.com\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DQSTK442ATWJOR4TU3MR6C3N5A6NDFFN/\", \"source\": \"security@android.com\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U2IIA3RSYABBUCFIHXIRVUT5CTJVWWZ6/\", \"source\": \"security@android.com\"}, {\"url\": \"https://seclists.org/bugtraq/2019/Nov/43\", \"source\": \"security@android.com\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/202003-59\", \"source\": \"security@android.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://source.android.com/security/bulletin/android-10\", \"source\": \"security@android.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://usn.ubuntu.com/4199-1/\", \"source\": \"security@android.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://usn.ubuntu.com/4199-2/\", \"source\": \"security@android.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2019/dsa-4578\", \"source\": \"security@android.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00049.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2019/10/25/17\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2019/10/27/1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2019/11/07/1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2019/11/msg00030.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DQSTK442ATWJOR4TU3MR6C3N5A6NDFFN/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U2IIA3RSYABBUCFIHXIRVUT5CTJVWWZ6/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://seclists.org/bugtraq/2019/Nov/43\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/202003-59\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://source.android.com/security/bulletin/android-10\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://usn.ubuntu.com/4199-1/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://usn.ubuntu.com/4199-2/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2019/dsa-4578\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
      "sourceIdentifier": "security@android.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2019-9433\",\"sourceIdentifier\":\"security@android.com\",\"published\":\"2019-09-27T19:15:29.000\",\"lastModified\":\"2024-11-21T04:51:38.090\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In libvpx, there is a possible information disclosure due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-80479354\"},{\"lang\":\"es\",\"value\":\"En libvpx, se presenta una posible divulgaci\u00f3n de informaci\u00f3n debido a una comprobaci\u00f3n de entrada inapropiada. Esto podr\u00eda conllevar a una divulgaci\u00f3n de informaci\u00f3n remota sin ser necesarios privilegios de ejecuci\u00f3n adicionales. Es requerida una interacci\u00f3n del usuario para su explotaci\u00f3n. Producto: Android, Versiones: Android-10, ID de Android: A-80479354\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:N/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D558D965-FA70-4822-A770-419E73BA9ED3\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B620311B-34A3-48A6-82DF-6F078D7A4493\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"97A4B8DF-58DA-4AB6-A1F9-331B36409BA3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"80F0FA5D-8D3B-4C0E-81E2-87998286AF33\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*\",\"matchCriteriaId\":\"815D70A8-47D3-459C-A32C-9FEACA0659D1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*\",\"matchCriteriaId\":\"7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CD783B0C-9246-47D9-A937-6144FE8BFF0F\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00049.html\",\"source\":\"security@android.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2019/10/25/17\",\"source\":\"security@android.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2019/10/27/1\",\"source\":\"security@android.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2019/11/07/1\",\"source\":\"security@android.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2019/11/msg00030.html\",\"source\":\"security@android.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DQSTK442ATWJOR4TU3MR6C3N5A6NDFFN/\",\"source\":\"security@android.com\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U2IIA3RSYABBUCFIHXIRVUT5CTJVWWZ6/\",\"source\":\"security@android.com\"},{\"url\":\"https://seclists.org/bugtraq/2019/Nov/43\",\"source\":\"security@android.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202003-59\",\"source\":\"security@android.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://source.android.com/security/bulletin/android-10\",\"source\":\"security@android.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://usn.ubuntu.com/4199-1/\",\"source\":\"security@android.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/4199-2/\",\"source\":\"security@android.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2019/dsa-4578\",\"source\":\"security@android.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00049.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2019/10/25/17\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2019/10/27/1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2019/11/07/1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2019/11/msg00030.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DQSTK442ATWJOR4TU3MR6C3N5A6NDFFN/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U2IIA3RSYABBUCFIHXIRVUT5CTJVWWZ6/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://seclists.org/bugtraq/2019/Nov/43\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202003-59\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://source.android.com/security/bulletin/android-10\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://usn.ubuntu.com/4199-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/4199-2/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2019/dsa-4578\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
  }
}

CERTFR-2019-AVI-405

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans Google Android. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Google	Android	Android version Q sans le correctif de sécurité 2019-09-01

References

Title

Publication Time

CERTFR-2019-AVI-405

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Google	Android	Android version Q sans le correctif de sécurité 2019-09-01

References

Title

Publication Time

alsa-2020:4629

Vulnerability from osv_almalinux

Published

2020-11-03 12:21

Modified

2021-11-12 10:20

Summary

Moderate: libvpx security update

Details

The libvpx packages provide the VP8 SDK, which allows the encoding and decoding of the VP8 video codec, commonly used with the WebM multimedia container file format.

Security Fix(es):

libvpx: Double free in ParseContentEncodingEntry() in mkvparser.cc (CVE-2019-2126)
libvpx: Out of bounds read in vp8_norm table (CVE-2019-9232)
libvpx: Resource exhaustion after memory leak in mkvparser.cc (CVE-2019-9371)
libvpx: Use-after-free in vp8_deblock() in vp8/common/postproc.c (CVE-2019-9433)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.

References

URL

Type

	https://errata.almalinux.org/8/ALSA-2020-4629.html	ADVISORY
	https://vulners.com/cve/CVE-2019-2126	REPORT
	https://vulners.com/cve/CVE-2019-9232	REPORT
	https://vulners.com/cve/CVE-2019-9371	REPORT
	https://vulners.com/cve/CVE-2019-9433	REPORT

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "libvpx"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.7.0-8.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "libvpx-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.7.0-8.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "The libvpx packages provide the VP8 SDK, which allows the encoding and decoding of the VP8 video codec, commonly used with the WebM multimedia container file format.\n\nSecurity Fix(es):\n\n* libvpx: Double free in ParseContentEncodingEntry() in mkvparser.cc (CVE-2019-2126)\n\n* libvpx: Out of bounds read in vp8_norm table (CVE-2019-9232)\n\n* libvpx: Resource exhaustion after memory leak in mkvparser.cc (CVE-2019-9371)\n\n* libvpx: Use-after-free in vp8_deblock() in vp8/common/postproc.c (CVE-2019-9433)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.",
  "id": "ALSA-2020:4629",
  "modified": "2021-11-12T10:20:56Z",
  "published": "2020-11-03T12:21:50Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/8/ALSA-2020-4629.html"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-2126"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-9232"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-9371"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-9433"
    }
  ],
  "related": [
    "CVE-2019-2126",
    "CVE-2019-9232",
    "CVE-2019-9371",
    "CVE-2019-9433"
  ],
  "summary": "Moderate: libvpx security update"
}

BDU:2020-01762

Vulnerability from fstec - Published: 27.09.2019

Title

Уязвимость библиотеки мультимедиа libvpx, связанная с недостаточной проверкой вводимых данных, позволяющая нарушителю получить доступ к конфиденциальным данным

Description

Уязвимость библиотеки мультимедиа libvpx связана с недостаточной проверкой вводимых данных. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, получить доступ к конфиденциальным данным

Severity ?


                    
                      AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Vendor

Red Hat Inc., Canonical Ltd., Сообщество свободного программного обеспечения, ООО «РусБИТех-Астра», Novell Inc., Fedora Project, The WebM Project, АО «Концерн ВНИИНС»

Software Name

Red Hat Enterprise Linux, Ubuntu, Debian GNU/Linux, Astra Linux Special Edition (запись в едином реестре российских программ №369), OpenSUSE Leap, Fedora, Astra Linux Special Edition для «Эльбрус» (запись в едином реестре российских программ №11156), libvpx, ОС ОН «Стрелец» (запись в едином реестре российских программ №6177)

Software Version

7 (Red Hat Enterprise Linux), 16.04 LTS (Ubuntu), 9 (Debian GNU/Linux), 18.04 LTS (Ubuntu), 1.6 «Смоленск» (Astra Linux Special Edition), 19.04 (Ubuntu), 8 (Red Hat Enterprise Linux), 15.1 (OpenSUSE Leap), 30 (Fedora), 8 (Debian GNU/Linux), 31 (Fedora), 8.1 «Ленинград» (Astra Linux Special Edition для «Эльбрус»), до 1.3.0-3 (libvpx), до 16.01.2023 (ОС ОН «Стрелец»)

Possible Mitigations

Использование рекомендаций: Для Libvpx: Обновление программного обеспечения до 1.8.2-1 или более поздней версии Для Debian: Обновление программного обеспечения (пакета libvpx) до 1.6.1-3+deb9u2 или более поздней версии Для Astra Linux: Обновление программного обеспечения (пакета libvpx) до 1.6.1-3+deb9u2 или более поздней версии Для программных продуктов Novell Inc.: https://lists.opensuse.org/opensuse-security-announce/2020-01/msg00049.html Для программных продуктов Red Hat Inc.: https://access.redhat.com/security/cve/CVE-2019-9433 Для Ubuntu: https://usn.ubuntu.com/4199-1/ Для Fedora: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DQSTK442ATWJOR4TU3MR6C3N5A6NDFFN/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U2IIA3RSYABBUCFIHXIRVUT5CTJVWWZ6/ Для ОС ОН «Стрелец»: Обновление программного обеспечения libvpx до версии 1.7.0-3+deb10u1.strelets1

Reference

https://lists.opensuse.org/opensuse-security-announce/2020-01/msg00049.html https://access.redhat.com/security/cve/CVE-2019-9433 https://usn.ubuntu.com/4199-1/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DQSTK442ATWJOR4TU3MR6C3N5A6NDFFN/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U2IIA3RSYABBUCFIHXIRVUT5CTJVWWZ6/ https://source.android.com/security/bulletin/android-10 https://nvd.nist.gov/vuln/detail/CVE-2019-9433 https://security-tracker.debian.org/tracker/CVE-2019-9433 https://wiki.astralinux.ru/astra-linux-se16-bulletin-20200327SE16 https://wiki.astralinux.ru/astra-linux-se81-bulletin-20200429SE81 https://strelets.net/patchi-i-obnovleniya-bezopasnosti#16012023

CWE

CWE-20

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:M/Au:N/C:C/I:N/A:N",
  "CVSS 3.0": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Red Hat Inc., Canonical Ltd., \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, Novell Inc., Fedora Project, The WebM Project, \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "7 (Red Hat Enterprise Linux), 16.04 LTS (Ubuntu), 9 (Debian GNU/Linux), 18.04 LTS (Ubuntu), 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (Astra Linux Special Edition), 19.04 (Ubuntu), 8 (Red Hat Enterprise Linux), 15.1 (OpenSUSE Leap), 30 (Fedora), 8 (Debian GNU/Linux), 31 (Fedora), 8.1 \u00ab\u041b\u0435\u043d\u0438\u043d\u0433\u0440\u0430\u0434\u00bb (Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb), \u0434\u043e 1.3.0-3 (libvpx), \u0434\u043e 16.01.2023 (\u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f Libvpx:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0434\u043e 1.8.2-1 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438\n\n\u0414\u043b\u044f Debian:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f (\u043f\u0430\u043a\u0435\u0442\u0430 libvpx) \u0434\u043e 1.6.1-3+deb9u2 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438\n\n\u0414\u043b\u044f Astra Linux:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f (\u043f\u0430\u043a\u0435\u0442\u0430 libvpx) \u0434\u043e 1.6.1-3+deb9u2 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Novell Inc.:\nhttps://lists.opensuse.org/opensuse-security-announce/2020-01/msg00049.html\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Red Hat Inc.:\nhttps://access.redhat.com/security/cve/CVE-2019-9433\n\n\u0414\u043b\u044f Ubuntu:\nhttps://usn.ubuntu.com/4199-1/\n\n\u0414\u043b\u044f Fedora:\nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DQSTK442ATWJOR4TU3MR6C3N5A6NDFFN/\nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U2IIA3RSYABBUCFIHXIRVUT5CTJVWWZ6/\n\n\u0414\u043b\u044f \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f libvpx \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 1.7.0-3+deb10u1.strelets1",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "27.09.2019",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "21.11.2023",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "23.04.2020",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2020-01762",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2019-9433",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Red Hat Enterprise Linux, Ubuntu, Debian GNU/Linux, Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), OpenSUSE Leap, Fedora, Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u211611156), libvpx, \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Red Hat Inc. Red Hat Enterprise Linux 7 , Canonical Ltd. Ubuntu 16.04 LTS , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 9 , Canonical Ltd. Ubuntu 18.04 LTS , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Canonical Ltd. Ubuntu 19.04 , Red Hat Inc. Red Hat Enterprise Linux 8 , Novell Inc. OpenSUSE Leap 15.1 , Fedora Project Fedora 30 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 8 , Fedora Project Fedora 31 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb 8.1 \u00ab\u041b\u0435\u043d\u0438\u043d\u0433\u0440\u0430\u0434\u00bb  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u211611156), \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb \u0434\u043e 16.01.2023  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 \u043c\u0443\u043b\u044c\u0442\u0438\u043c\u0435\u0434\u0438\u0430 libvpx, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e\u0439 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u043e\u0439 \u0432\u0432\u043e\u0434\u0438\u043c\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u043c \u0434\u0430\u043d\u043d\u044b\u043c",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u0430\u044f \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0430 \u0432\u0432\u043e\u0434\u0438\u043c\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 (CWE-20)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 \u043c\u0443\u043b\u044c\u0442\u0438\u043c\u0435\u0434\u0438\u0430 libvpx \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e\u0439 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u043e\u0439 \u0432\u0432\u043e\u0434\u0438\u043c\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u043c \u0434\u0430\u043d\u043d\u044b\u043c",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u0430\u043c\u0438",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://lists.opensuse.org/opensuse-security-announce/2020-01/msg00049.html\nhttps://access.redhat.com/security/cve/CVE-2019-9433\nhttps://usn.ubuntu.com/4199-1/\nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DQSTK442ATWJOR4TU3MR6C3N5A6NDFFN/\nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U2IIA3RSYABBUCFIHXIRVUT5CTJVWWZ6/\nhttps://source.android.com/security/bulletin/android-10\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-9433\nhttps://security-tracker.debian.org/tracker/CVE-2019-9433\nhttps://wiki.astralinux.ru/astra-linux-se16-bulletin-20200327SE16\nhttps://wiki.astralinux.ru/astra-linux-se81-bulletin-20200429SE81\nhttps://strelets.net/patchi-i-obnovleniya-bezopasnosti#16012023",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-20",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,1)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,5)"
}

CNVD-2019-34132

Vulnerability from cnvd - Published: 2019-10-08

Title

Google Android信息泄露漏洞（CNVD-2019-34132）

Description

Android是美国Google公司和开放手持设备联盟（简称OHA）共同开发的一套以Linux为基础的开源操作系统。 Google Android中的libvpx存在信息泄露漏洞。该漏洞源于输入验证不当。远程攻击者可利用该漏洞获取信息。

Severity

中

Patch Name

Google Android信息泄露漏洞（CNVD-2019-34132）的补丁

Patch Description

Android是美国Google公司和开放手持设备联盟（简称OHA）共同开发的一套以Linux为基础的开源操作系统。 Google Android中的libvpx存在信息泄露漏洞。该漏洞源于输入验证不当。远程攻击者可利用该漏洞获取信息。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://source.android.com/security/bulletin/android-10

Reference

https://nvd.nist.gov/vuln/detail/CVE-2019-9433

Impacted products

Name
Google Android 10

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-9433",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2019-9433"
    }
  },
  "description": "Android\u662f\u7f8e\u56fdGoogle\u516c\u53f8\u548c\u5f00\u653e\u624b\u6301\u8bbe\u5907\u8054\u76df\uff08\u7b80\u79f0OHA\uff09\u5171\u540c\u5f00\u53d1\u7684\u4e00\u5957\u4ee5Linux\u4e3a\u57fa\u7840\u7684\u5f00\u6e90\u64cd\u4f5c\u7cfb\u7edf\u3002\n\nGoogle Android\u4e2d\u7684libvpx\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u8f93\u5165\u9a8c\u8bc1\u4e0d\u5f53\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u4fe1\u606f\u3002",
  "discovererName": "unknwon",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://source.android.com/security/bulletin/android-10",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-34132",
  "openTime": "2019-10-08",
  "patchDescription": "Android\u662f\u7f8e\u56fdGoogle\u516c\u53f8\u548c\u5f00\u653e\u624b\u6301\u8bbe\u5907\u8054\u76df\uff08\u7b80\u79f0OHA\uff09\u5171\u540c\u5f00\u53d1\u7684\u4e00\u5957\u4ee5Linux\u4e3a\u57fa\u7840\u7684\u5f00\u6e90\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\nGoogle Android\u4e2d\u7684libvpx\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u8f93\u5165\u9a8c\u8bc1\u4e0d\u5f53\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Google Android\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2019-34132\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "Google Android\u00a0 10"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2019-9433",
  "serverity": "\u4e2d",
  "submitTime": "2019-09-30",
  "title": "Google Android\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2019-34132\uff09"
}

FKIE_CVE-2019-9433

Vulnerability from fkie_nvd - Published: 2019-09-27 19:15 - Updated: 2024-11-21 04:51

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Summary

References

URL	Tags
security@android.com	http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00049.html	Mailing List, Third Party Advisory
security@android.com	http://www.openwall.com/lists/oss-security/2019/10/25/17	Mailing List
security@android.com	http://www.openwall.com/lists/oss-security/2019/10/27/1	Mailing List
security@android.com	http://www.openwall.com/lists/oss-security/2019/11/07/1	Mailing List
security@android.com	https://lists.debian.org/debian-lts-announce/2019/11/msg00030.html	Mailing List, Third Party Advisory
security@android.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DQSTK442ATWJOR4TU3MR6C3N5A6NDFFN/
security@android.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U2IIA3RSYABBUCFIHXIRVUT5CTJVWWZ6/
security@android.com	https://seclists.org/bugtraq/2019/Nov/43	Mailing List, Third Party Advisory
security@android.com	https://security.gentoo.org/glsa/202003-59	Third Party Advisory
security@android.com	https://source.android.com/security/bulletin/android-10	Vendor Advisory
security@android.com	https://usn.ubuntu.com/4199-1/	Third Party Advisory
security@android.com	https://usn.ubuntu.com/4199-2/	Third Party Advisory
security@android.com	https://www.debian.org/security/2019/dsa-4578	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00049.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2019/10/25/17	Mailing List
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2019/10/27/1	Mailing List
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2019/11/07/1	Mailing List
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2019/11/msg00030.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DQSTK442ATWJOR4TU3MR6C3N5A6NDFFN/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U2IIA3RSYABBUCFIHXIRVUT5CTJVWWZ6/
af854a3a-2127-422b-91ae-364da2661108	https://seclists.org/bugtraq/2019/Nov/43	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202003-59	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://source.android.com/security/bulletin/android-10	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://usn.ubuntu.com/4199-1/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://usn.ubuntu.com/4199-2/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2019/dsa-4578	Third Party Advisory

Impacted products

Vendor	Product	Version
google	android	10.0
opensuse	leap	15.1
fedoraproject	fedora	30
fedoraproject	fedora	31
debian	debian_linux	8.0
debian	debian_linux	9.0
debian	debian_linux	10.0
canonical	ubuntu_linux	14.04
canonical	ubuntu_linux	16.04
canonical	ubuntu_linux	18.04
canonical	ubuntu_linux	19.04

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D558D965-FA70-4822-A770-419E73BA9ED3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
              "matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
              "matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
              "matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
              "matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD783B0C-9246-47D9-A937-6144FE8BFF0F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In libvpx, there is a possible information disclosure due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-80479354"
    },
    {
      "lang": "es",
      "value": "En libvpx, se presenta una posible divulgaci\u00f3n de informaci\u00f3n debido a una comprobaci\u00f3n de entrada inapropiada. Esto podr\u00eda conllevar a una divulgaci\u00f3n de informaci\u00f3n remota sin ser necesarios privilegios de ejecuci\u00f3n adicionales. Es requerida una interacci\u00f3n del usuario para su explotaci\u00f3n. Producto: Android, Versiones: Android-10, ID de Android: A-80479354"
    }
  ],
  "id": "CVE-2019-9433",
  "lastModified": "2024-11-21T04:51:38.090",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-09-27T19:15:29.000",
  "references": [
    {
      "source": "security@android.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00049.html"
    },
    {
      "source": "security@android.com",
      "tags": [
        "Mailing List"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2019/10/25/17"
    },
    {
      "source": "security@android.com",
      "tags": [
        "Mailing List"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2019/10/27/1"
    },
    {
      "source": "security@android.com",
      "tags": [
        "Mailing List"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2019/11/07/1"
    },
    {
      "source": "security@android.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00030.html"
    },
    {
      "source": "security@android.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DQSTK442ATWJOR4TU3MR6C3N5A6NDFFN/"
    },
    {
      "source": "security@android.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U2IIA3RSYABBUCFIHXIRVUT5CTJVWWZ6/"
    },
    {
      "source": "security@android.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://seclists.org/bugtraq/2019/Nov/43"
    },
    {
      "source": "security@android.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202003-59"
    },
    {
      "source": "security@android.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://source.android.com/security/bulletin/android-10"
    },
    {
      "source": "security@android.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4199-1/"
    },
    {
      "source": "security@android.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4199-2/"
    },
    {
      "source": "security@android.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2019/dsa-4578"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00049.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2019/10/25/17"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2019/10/27/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2019/11/07/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00030.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DQSTK442ATWJOR4TU3MR6C3N5A6NDFFN/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U2IIA3RSYABBUCFIHXIRVUT5CTJVWWZ6/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://seclists.org/bugtraq/2019/Nov/43"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202003-59"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://source.android.com/security/bulletin/android-10"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4199-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4199-2/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2019/dsa-4578"
    }
  ],
  "sourceIdentifier": "security@android.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-45WR-H3W5-Q72V

Vulnerability from github – Published: 2022-05-24 22:00 – Updated: 2022-10-14 12:00

Details

Severity ?

6.5 (Medium)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2019-9433"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-09-27T19:15:00Z",
    "severity": "MODERATE"
  },
  "details": "In libvpx, there is a possible information disclosure due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-80479354",
  "id": "GHSA-45wr-h3w5-q72v",
  "modified": "2022-10-14T12:00:20Z",
  "published": "2022-05-24T22:00:55Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9433"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00030.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DQSTK442ATWJOR4TU3MR6C3N5A6NDFFN"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U2IIA3RSYABBUCFIHXIRVUT5CTJVWWZ6"
    },
    {
      "type": "WEB",
      "url": "https://seclists.org/bugtraq/2019/Nov/43"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202003-59"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/security/bulletin/android-10"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4199-1"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4199-2"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2019/dsa-4578"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00049.html"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2019/10/25/17"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2019/10/27/1"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2019/11/07/1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2019-9433

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2019-9433

Aliases

CVE-2019-9433

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2019-9433",
    "description": "In libvpx, there is a possible information disclosure due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-80479354",
    "id": "GSD-2019-9433",
    "references": [
      "https://www.suse.com/security/cve/CVE-2019-9433.html",
      "https://www.debian.org/security/2019/dsa-4578",
      "https://access.redhat.com/errata/RHSA-2020:4629",
      "https://access.redhat.com/errata/RHSA-2020:3876",
      "https://ubuntu.com/security/CVE-2019-9433",
      "https://linux.oracle.com/cve/CVE-2019-9433.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2019-9433"
      ],
      "details": "In libvpx, there is a possible information disclosure due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-80479354",
      "id": "GSD-2019-9433",
      "modified": "2023-12-13T01:23:47.349826Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@android.com",
        "ID": "CVE-2019-9433",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Android",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Android-10"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "In libvpx, there is a possible information disclosure due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-80479354"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Information disclosure"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://source.android.com/security/bulletin/android-10",
            "refsource": "MISC",
            "url": "https://source.android.com/security/bulletin/android-10"
          },
          {
            "name": "[oss-security] 20191025 Security fixes from Android 10 release which are relevant outside the Android ecosystem?",
            "refsource": "MLIST",
            "url": "http://www.openwall.com/lists/oss-security/2019/10/25/17"
          },
          {
            "name": "[oss-security] 20191026 Re: Security fixes from Android 10 release which are relevant outside the Android ecosystem?",
            "refsource": "MLIST",
            "url": "http://www.openwall.com/lists/oss-security/2019/10/27/1"
          },
          {
            "name": "[oss-security] 20191107 Re: Security fixes from Android 10 release which are relevant outside the Android ecosystem?",
            "refsource": "MLIST",
            "url": "http://www.openwall.com/lists/oss-security/2019/11/07/1"
          },
          {
            "name": "USN-4199-1",
            "refsource": "UBUNTU",
            "url": "https://usn.ubuntu.com/4199-1/"
          },
          {
            "name": "[debian-lts-announce] 20191126 [SECURITY] [DLA 2012-1] libvpx security update",
            "refsource": "MLIST",
            "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00030.html"
          },
          {
            "name": "20191128 [SECURITY] [DSA 4578-1] libvpx security update",
            "refsource": "BUGTRAQ",
            "url": "https://seclists.org/bugtraq/2019/Nov/43"
          },
          {
            "name": "DSA-4578",
            "refsource": "DEBIAN",
            "url": "https://www.debian.org/security/2019/dsa-4578"
          },
          {
            "name": "FEDORA-2020-65eac1b48b",
            "refsource": "FEDORA",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U2IIA3RSYABBUCFIHXIRVUT5CTJVWWZ6/"
          },
          {
            "name": "FEDORA-2020-6cd410d9e4",
            "refsource": "FEDORA",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DQSTK442ATWJOR4TU3MR6C3N5A6NDFFN/"
          },
          {
            "name": "openSUSE-SU-2020:0105",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00049.html"
          },
          {
            "name": "GLSA-202003-59",
            "refsource": "GENTOO",
            "url": "https://security.gentoo.org/glsa/202003-59"
          },
          {
            "name": "USN-4199-2",
            "refsource": "UBUNTU",
            "url": "https://usn.ubuntu.com/4199-2/"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security@android.com",
          "ID": "CVE-2019-9433"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "In libvpx, there is a possible information disclosure due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-80479354"
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://source.android.com/security/bulletin/android-10",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://source.android.com/security/bulletin/android-10"
            },
            {
              "name": "[oss-security] 20191025 Security fixes from Android 10 release which are relevant outside the Android ecosystem?",
              "refsource": "MLIST",
              "tags": [
                "Mailing List"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2019/10/25/17"
            },
            {
              "name": "[oss-security] 20191026 Re: Security fixes from Android 10 release which are relevant outside the Android ecosystem?",
              "refsource": "MLIST",
              "tags": [
                "Mailing List"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2019/10/27/1"
            },
            {
              "name": "[oss-security] 20191107 Re: Security fixes from Android 10 release which are relevant outside the Android ecosystem?",
              "refsource": "MLIST",
              "tags": [
                "Mailing List"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2019/11/07/1"
            },
            {
              "name": "USN-4199-1",
              "refsource": "UBUNTU",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://usn.ubuntu.com/4199-1/"
            },
            {
              "name": "[debian-lts-announce] 20191126 [SECURITY] [DLA 2012-1] libvpx security update",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00030.html"
            },
            {
              "name": "20191128 [SECURITY] [DSA 4578-1] libvpx security update",
              "refsource": "BUGTRAQ",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://seclists.org/bugtraq/2019/Nov/43"
            },
            {
              "name": "DSA-4578",
              "refsource": "DEBIAN",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://www.debian.org/security/2019/dsa-4578"
            },
            {
              "name": "FEDORA-2020-65eac1b48b",
              "refsource": "FEDORA",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U2IIA3RSYABBUCFIHXIRVUT5CTJVWWZ6/"
            },
            {
              "name": "FEDORA-2020-6cd410d9e4",
              "refsource": "FEDORA",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DQSTK442ATWJOR4TU3MR6C3N5A6NDFFN/"
            },
            {
              "name": "openSUSE-SU-2020:0105",
              "refsource": "SUSE",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00049.html"
            },
            {
              "name": "GLSA-202003-59",
              "refsource": "GENTOO",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://security.gentoo.org/glsa/202003-59"
            },
            {
              "name": "USN-4199-2",
              "refsource": "UBUNTU",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://usn.ubuntu.com/4199-2/"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2022-10-14T02:09Z",
      "publishedDate": "2019-09-27T19:15Z"
    }
  }
}

OPENSUSE-SU-2020:0105-1

Vulnerability from csaf_opensuse - Published: 2020-01-25 23:14 - Updated: 2020-01-25 23:14

Summary

Security update for libvpx

Severity

Important

Notes

Title of the patch: Security update for libvpx

Description of the patch: This update for libvpx fixes the following issues: - CVE-2019-2126: Fixed a double free in ParseContentEncodingEntry() (bsc#1160611). - CVE-2019-9325: Fixed an out-of-bounds read (bsc#1160612). - CVE-2019-9232: Fixed an out-of-bounds memory access on fuzzed data (bsc#1160613). - CVE-2019-9433: Fixed a use-after-free in vp8_deblock() (bsc#1160614). - CVE-2019-9371: Fixed a resource exhaustion after memory leak (bsc#1160615). This update was imported from the SUSE:SLE-15:Update update project.

Patchnames: openSUSE-2020-105

CVE-2019-2126

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Recommended 7 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.1:libvpx-devel-1.6.1-lp151.5.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:libvpx-devel-1.6.1-lp151.5.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:libvpx4-1.6.1-lp151.5.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:libvpx4-1.6.1-lp151.5.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:libvpx4-32bit-1.6.1-lp151.5.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:vpx-tools-1.6.1-lp151.5.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:vpx-tools-1.6.1-lp151.5.3.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2019-9232

4.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Affected products

Recommended 7 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.1:libvpx-devel-1.6.1-lp151.5.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:libvpx-devel-1.6.1-lp151.5.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:libvpx4-1.6.1-lp151.5.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:libvpx4-1.6.1-lp151.5.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:libvpx4-32bit-1.6.1-lp151.5.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:vpx-tools-1.6.1-lp151.5.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:vpx-tools-1.6.1-lp151.5.3.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2019-9325

3.3 (Low)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Affected products

Recommended 7 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.1:libvpx-devel-1.6.1-lp151.5.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:libvpx-devel-1.6.1-lp151.5.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:libvpx4-1.6.1-lp151.5.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:libvpx4-1.6.1-lp151.5.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:libvpx4-32bit-1.6.1-lp151.5.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:vpx-tools-1.6.1-lp151.5.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:vpx-tools-1.6.1-lp151.5.3.1.x86_64	—	Vendor Fix

Threats

Impact low

CVE-2019-9371

4.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

Affected products

Recommended 7 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.1:libvpx-devel-1.6.1-lp151.5.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:libvpx-devel-1.6.1-lp151.5.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:libvpx4-1.6.1-lp151.5.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:libvpx4-1.6.1-lp151.5.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:libvpx4-32bit-1.6.1-lp151.5.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:vpx-tools-1.6.1-lp151.5.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:vpx-tools-1.6.1-lp151.5.3.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2019-9433

4.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Affected products

Recommended 7 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.1:libvpx-devel-1.6.1-lp151.5.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:libvpx-devel-1.6.1-lp151.5.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:libvpx4-1.6.1-lp151.5.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:libvpx4-1.6.1-lp151.5.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:libvpx4-32bit-1.6.1-lp151.5.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:vpx-tools-1.6.1-lp151.5.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:vpx-tools-1.6.1-lp151.5.3.1.x86_64	—	Vendor Fix

Threats

Impact moderate

References

24 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/o…	self
https://lists.opensuse.org/archives/list/security…	self
https://lists.opensuse.org/archives/list/security…	self
https://bugzilla.suse.com/1160611	self
https://bugzilla.suse.com/1160612	self
https://bugzilla.suse.com/1160613	self
https://bugzilla.suse.com/1160614	self
https://bugzilla.suse.com/1160615	self
https://www.suse.com/security/cve/CVE-2019-2126/	self
https://www.suse.com/security/cve/CVE-2019-9232/	self
https://www.suse.com/security/cve/CVE-2019-9325/	self
https://www.suse.com/security/cve/CVE-2019-9371/	self
https://www.suse.com/security/cve/CVE-2019-9433/	self
https://www.suse.com/security/cve/CVE-2019-2126	external
https://bugzilla.suse.com/1160611	external
https://www.suse.com/security/cve/CVE-2019-9232	external
https://bugzilla.suse.com/1160613	external
https://www.suse.com/security/cve/CVE-2019-9325	external
https://bugzilla.suse.com/1160612	external
https://www.suse.com/security/cve/CVE-2019-9371	external
https://bugzilla.suse.com/1160615	external
https://www.suse.com/security/cve/CVE-2019-9433	external
https://bugzilla.suse.com/1160614	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for libvpx",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for libvpx fixes the following issues:\n\n- CVE-2019-2126: Fixed a double free in ParseContentEncodingEntry() (bsc#1160611).\n- CVE-2019-9325: Fixed an out-of-bounds read (bsc#1160612).\n- CVE-2019-9232: Fixed an out-of-bounds memory access on fuzzed data (bsc#1160613).\n- CVE-2019-9433: Fixed a use-after-free in vp8_deblock() (bsc#1160614).\n- CVE-2019-9371: Fixed a resource exhaustion after memory leak (bsc#1160615).\n\nThis update was imported from the SUSE:SLE-15:Update update project.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-2020-105",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2020_0105-1.json"
      },
      {
        "category": "self",
        "summary": "URL for openSUSE-SU-2020:0105-1",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/T4RF53ZFC352SC6CQMBMJW5OCHIHHCUV/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for openSUSE-SU-2020:0105-1",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/T4RF53ZFC352SC6CQMBMJW5OCHIHHCUV/"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1160611",
        "url": "https://bugzilla.suse.com/1160611"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1160612",
        "url": "https://bugzilla.suse.com/1160612"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1160613",
        "url": "https://bugzilla.suse.com/1160613"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1160614",
        "url": "https://bugzilla.suse.com/1160614"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1160615",
        "url": "https://bugzilla.suse.com/1160615"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-2126 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-2126/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-9232 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-9232/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-9325 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-9325/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-9371 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-9371/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-9433 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-9433/"
      }
    ],
    "title": "Security update for libvpx",
    "tracking": {
      "current_release_date": "2020-01-25T23:14:06Z",
      "generator": {
        "date": "2020-01-25T23:14:06Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2020:0105-1",
      "initial_release_date": "2020-01-25T23:14:06Z",
      "revision_history": [
        {
          "date": "2020-01-25T23:14:06Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libvpx-devel-1.6.1-lp151.5.3.1.i586",
                "product": {
                  "name": "libvpx-devel-1.6.1-lp151.5.3.1.i586",
                  "product_id": "libvpx-devel-1.6.1-lp151.5.3.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "libvpx4-1.6.1-lp151.5.3.1.i586",
                "product": {
                  "name": "libvpx4-1.6.1-lp151.5.3.1.i586",
                  "product_id": "libvpx4-1.6.1-lp151.5.3.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "vpx-tools-1.6.1-lp151.5.3.1.i586",
                "product": {
                  "name": "vpx-tools-1.6.1-lp151.5.3.1.i586",
                  "product_id": "vpx-tools-1.6.1-lp151.5.3.1.i586"
                }
              }
            ],
            "category": "architecture",
            "name": "i586"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libvpx-devel-1.6.1-lp151.5.3.1.x86_64",
                "product": {
                  "name": "libvpx-devel-1.6.1-lp151.5.3.1.x86_64",
                  "product_id": "libvpx-devel-1.6.1-lp151.5.3.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libvpx4-1.6.1-lp151.5.3.1.x86_64",
                "product": {
                  "name": "libvpx4-1.6.1-lp151.5.3.1.x86_64",
                  "product_id": "libvpx4-1.6.1-lp151.5.3.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libvpx4-32bit-1.6.1-lp151.5.3.1.x86_64",
                "product": {
                  "name": "libvpx4-32bit-1.6.1-lp151.5.3.1.x86_64",
                  "product_id": "libvpx4-32bit-1.6.1-lp151.5.3.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "vpx-tools-1.6.1-lp151.5.3.1.x86_64",
                "product": {
                  "name": "vpx-tools-1.6.1-lp151.5.3.1.x86_64",
                  "product_id": "vpx-tools-1.6.1-lp151.5.3.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Leap 15.1",
                "product": {
                  "name": "openSUSE Leap 15.1",
                  "product_id": "openSUSE Leap 15.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:leap:15.1"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libvpx-devel-1.6.1-lp151.5.3.1.i586 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:libvpx-devel-1.6.1-lp151.5.3.1.i586"
        },
        "product_reference": "libvpx-devel-1.6.1-lp151.5.3.1.i586",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libvpx-devel-1.6.1-lp151.5.3.1.x86_64 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:libvpx-devel-1.6.1-lp151.5.3.1.x86_64"
        },
        "product_reference": "libvpx-devel-1.6.1-lp151.5.3.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libvpx4-1.6.1-lp151.5.3.1.i586 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:libvpx4-1.6.1-lp151.5.3.1.i586"
        },
        "product_reference": "libvpx4-1.6.1-lp151.5.3.1.i586",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libvpx4-1.6.1-lp151.5.3.1.x86_64 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:libvpx4-1.6.1-lp151.5.3.1.x86_64"
        },
        "product_reference": "libvpx4-1.6.1-lp151.5.3.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libvpx4-32bit-1.6.1-lp151.5.3.1.x86_64 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:libvpx4-32bit-1.6.1-lp151.5.3.1.x86_64"
        },
        "product_reference": "libvpx4-32bit-1.6.1-lp151.5.3.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vpx-tools-1.6.1-lp151.5.3.1.i586 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:vpx-tools-1.6.1-lp151.5.3.1.i586"
        },
        "product_reference": "vpx-tools-1.6.1-lp151.5.3.1.i586",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vpx-tools-1.6.1-lp151.5.3.1.x86_64 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:vpx-tools-1.6.1-lp151.5.3.1.x86_64"
        },
        "product_reference": "vpx-tools-1.6.1-lp151.5.3.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2019-2126",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-2126"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In ParseContentEncodingEntry of mkvparser.cc, there is a possible double free due to a missing reset of a freed pointer. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-127702368.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.1:libvpx-devel-1.6.1-lp151.5.3.1.i586",
          "openSUSE Leap 15.1:libvpx-devel-1.6.1-lp151.5.3.1.x86_64",
          "openSUSE Leap 15.1:libvpx4-1.6.1-lp151.5.3.1.i586",
          "openSUSE Leap 15.1:libvpx4-1.6.1-lp151.5.3.1.x86_64",
          "openSUSE Leap 15.1:libvpx4-32bit-1.6.1-lp151.5.3.1.x86_64",
          "openSUSE Leap 15.1:vpx-tools-1.6.1-lp151.5.3.1.i586",
          "openSUSE Leap 15.1:vpx-tools-1.6.1-lp151.5.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-2126",
          "url": "https://www.suse.com/security/cve/CVE-2019-2126"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1160611 for CVE-2019-2126",
          "url": "https://bugzilla.suse.com/1160611"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.1:libvpx-devel-1.6.1-lp151.5.3.1.i586",
            "openSUSE Leap 15.1:libvpx-devel-1.6.1-lp151.5.3.1.x86_64",
            "openSUSE Leap 15.1:libvpx4-1.6.1-lp151.5.3.1.i586",
            "openSUSE Leap 15.1:libvpx4-1.6.1-lp151.5.3.1.x86_64",
            "openSUSE Leap 15.1:libvpx4-32bit-1.6.1-lp151.5.3.1.x86_64",
            "openSUSE Leap 15.1:vpx-tools-1.6.1-lp151.5.3.1.i586",
            "openSUSE Leap 15.1:vpx-tools-1.6.1-lp151.5.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.1:libvpx-devel-1.6.1-lp151.5.3.1.i586",
            "openSUSE Leap 15.1:libvpx-devel-1.6.1-lp151.5.3.1.x86_64",
            "openSUSE Leap 15.1:libvpx4-1.6.1-lp151.5.3.1.i586",
            "openSUSE Leap 15.1:libvpx4-1.6.1-lp151.5.3.1.x86_64",
            "openSUSE Leap 15.1:libvpx4-32bit-1.6.1-lp151.5.3.1.x86_64",
            "openSUSE Leap 15.1:vpx-tools-1.6.1-lp151.5.3.1.i586",
            "openSUSE Leap 15.1:vpx-tools-1.6.1-lp151.5.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-01-25T23:14:06Z",
          "details": "important"
        }
      ],
      "title": "CVE-2019-2126"
    },
    {
      "cve": "CVE-2019-9232",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-9232"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In libvpx, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-122675483",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.1:libvpx-devel-1.6.1-lp151.5.3.1.i586",
          "openSUSE Leap 15.1:libvpx-devel-1.6.1-lp151.5.3.1.x86_64",
          "openSUSE Leap 15.1:libvpx4-1.6.1-lp151.5.3.1.i586",
          "openSUSE Leap 15.1:libvpx4-1.6.1-lp151.5.3.1.x86_64",
          "openSUSE Leap 15.1:libvpx4-32bit-1.6.1-lp151.5.3.1.x86_64",
          "openSUSE Leap 15.1:vpx-tools-1.6.1-lp151.5.3.1.i586",
          "openSUSE Leap 15.1:vpx-tools-1.6.1-lp151.5.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-9232",
          "url": "https://www.suse.com/security/cve/CVE-2019-9232"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1160613 for CVE-2019-9232",
          "url": "https://bugzilla.suse.com/1160613"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.1:libvpx-devel-1.6.1-lp151.5.3.1.i586",
            "openSUSE Leap 15.1:libvpx-devel-1.6.1-lp151.5.3.1.x86_64",
            "openSUSE Leap 15.1:libvpx4-1.6.1-lp151.5.3.1.i586",
            "openSUSE Leap 15.1:libvpx4-1.6.1-lp151.5.3.1.x86_64",
            "openSUSE Leap 15.1:libvpx4-32bit-1.6.1-lp151.5.3.1.x86_64",
            "openSUSE Leap 15.1:vpx-tools-1.6.1-lp151.5.3.1.i586",
            "openSUSE Leap 15.1:vpx-tools-1.6.1-lp151.5.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.1:libvpx-devel-1.6.1-lp151.5.3.1.i586",
            "openSUSE Leap 15.1:libvpx-devel-1.6.1-lp151.5.3.1.x86_64",
            "openSUSE Leap 15.1:libvpx4-1.6.1-lp151.5.3.1.i586",
            "openSUSE Leap 15.1:libvpx4-1.6.1-lp151.5.3.1.x86_64",
            "openSUSE Leap 15.1:libvpx4-32bit-1.6.1-lp151.5.3.1.x86_64",
            "openSUSE Leap 15.1:vpx-tools-1.6.1-lp151.5.3.1.i586",
            "openSUSE Leap 15.1:vpx-tools-1.6.1-lp151.5.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-01-25T23:14:06Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-9232"
    },
    {
      "cve": "CVE-2019-9325",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-9325"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In libvpx, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112001302",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.1:libvpx-devel-1.6.1-lp151.5.3.1.i586",
          "openSUSE Leap 15.1:libvpx-devel-1.6.1-lp151.5.3.1.x86_64",
          "openSUSE Leap 15.1:libvpx4-1.6.1-lp151.5.3.1.i586",
          "openSUSE Leap 15.1:libvpx4-1.6.1-lp151.5.3.1.x86_64",
          "openSUSE Leap 15.1:libvpx4-32bit-1.6.1-lp151.5.3.1.x86_64",
          "openSUSE Leap 15.1:vpx-tools-1.6.1-lp151.5.3.1.i586",
          "openSUSE Leap 15.1:vpx-tools-1.6.1-lp151.5.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-9325",
          "url": "https://www.suse.com/security/cve/CVE-2019-9325"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1160612 for CVE-2019-9325",
          "url": "https://bugzilla.suse.com/1160612"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.1:libvpx-devel-1.6.1-lp151.5.3.1.i586",
            "openSUSE Leap 15.1:libvpx-devel-1.6.1-lp151.5.3.1.x86_64",
            "openSUSE Leap 15.1:libvpx4-1.6.1-lp151.5.3.1.i586",
            "openSUSE Leap 15.1:libvpx4-1.6.1-lp151.5.3.1.x86_64",
            "openSUSE Leap 15.1:libvpx4-32bit-1.6.1-lp151.5.3.1.x86_64",
            "openSUSE Leap 15.1:vpx-tools-1.6.1-lp151.5.3.1.i586",
            "openSUSE Leap 15.1:vpx-tools-1.6.1-lp151.5.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.1:libvpx-devel-1.6.1-lp151.5.3.1.i586",
            "openSUSE Leap 15.1:libvpx-devel-1.6.1-lp151.5.3.1.x86_64",
            "openSUSE Leap 15.1:libvpx4-1.6.1-lp151.5.3.1.i586",
            "openSUSE Leap 15.1:libvpx4-1.6.1-lp151.5.3.1.x86_64",
            "openSUSE Leap 15.1:libvpx4-32bit-1.6.1-lp151.5.3.1.x86_64",
            "openSUSE Leap 15.1:vpx-tools-1.6.1-lp151.5.3.1.i586",
            "openSUSE Leap 15.1:vpx-tools-1.6.1-lp151.5.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-01-25T23:14:06Z",
          "details": "low"
        }
      ],
      "title": "CVE-2019-9325"
    },
    {
      "cve": "CVE-2019-9371",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-9371"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In libvpx, there is a possible resource exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-132783254",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.1:libvpx-devel-1.6.1-lp151.5.3.1.i586",
          "openSUSE Leap 15.1:libvpx-devel-1.6.1-lp151.5.3.1.x86_64",
          "openSUSE Leap 15.1:libvpx4-1.6.1-lp151.5.3.1.i586",
          "openSUSE Leap 15.1:libvpx4-1.6.1-lp151.5.3.1.x86_64",
          "openSUSE Leap 15.1:libvpx4-32bit-1.6.1-lp151.5.3.1.x86_64",
          "openSUSE Leap 15.1:vpx-tools-1.6.1-lp151.5.3.1.i586",
          "openSUSE Leap 15.1:vpx-tools-1.6.1-lp151.5.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-9371",
          "url": "https://www.suse.com/security/cve/CVE-2019-9371"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1160615 for CVE-2019-9371",
          "url": "https://bugzilla.suse.com/1160615"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.1:libvpx-devel-1.6.1-lp151.5.3.1.i586",
            "openSUSE Leap 15.1:libvpx-devel-1.6.1-lp151.5.3.1.x86_64",
            "openSUSE Leap 15.1:libvpx4-1.6.1-lp151.5.3.1.i586",
            "openSUSE Leap 15.1:libvpx4-1.6.1-lp151.5.3.1.x86_64",
            "openSUSE Leap 15.1:libvpx4-32bit-1.6.1-lp151.5.3.1.x86_64",
            "openSUSE Leap 15.1:vpx-tools-1.6.1-lp151.5.3.1.i586",
            "openSUSE Leap 15.1:vpx-tools-1.6.1-lp151.5.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.1:libvpx-devel-1.6.1-lp151.5.3.1.i586",
            "openSUSE Leap 15.1:libvpx-devel-1.6.1-lp151.5.3.1.x86_64",
            "openSUSE Leap 15.1:libvpx4-1.6.1-lp151.5.3.1.i586",
            "openSUSE Leap 15.1:libvpx4-1.6.1-lp151.5.3.1.x86_64",
            "openSUSE Leap 15.1:libvpx4-32bit-1.6.1-lp151.5.3.1.x86_64",
            "openSUSE Leap 15.1:vpx-tools-1.6.1-lp151.5.3.1.i586",
            "openSUSE Leap 15.1:vpx-tools-1.6.1-lp151.5.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-01-25T23:14:06Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-9371"
    },
    {
      "cve": "CVE-2019-9433",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-9433"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In libvpx, there is a possible information disclosure due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-80479354",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.1:libvpx-devel-1.6.1-lp151.5.3.1.i586",
          "openSUSE Leap 15.1:libvpx-devel-1.6.1-lp151.5.3.1.x86_64",
          "openSUSE Leap 15.1:libvpx4-1.6.1-lp151.5.3.1.i586",
          "openSUSE Leap 15.1:libvpx4-1.6.1-lp151.5.3.1.x86_64",
          "openSUSE Leap 15.1:libvpx4-32bit-1.6.1-lp151.5.3.1.x86_64",
          "openSUSE Leap 15.1:vpx-tools-1.6.1-lp151.5.3.1.i586",
          "openSUSE Leap 15.1:vpx-tools-1.6.1-lp151.5.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-9433",
          "url": "https://www.suse.com/security/cve/CVE-2019-9433"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1160614 for CVE-2019-9433",
          "url": "https://bugzilla.suse.com/1160614"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.1:libvpx-devel-1.6.1-lp151.5.3.1.i586",
            "openSUSE Leap 15.1:libvpx-devel-1.6.1-lp151.5.3.1.x86_64",
            "openSUSE Leap 15.1:libvpx4-1.6.1-lp151.5.3.1.i586",
            "openSUSE Leap 15.1:libvpx4-1.6.1-lp151.5.3.1.x86_64",
            "openSUSE Leap 15.1:libvpx4-32bit-1.6.1-lp151.5.3.1.x86_64",
            "openSUSE Leap 15.1:vpx-tools-1.6.1-lp151.5.3.1.i586",
            "openSUSE Leap 15.1:vpx-tools-1.6.1-lp151.5.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.1:libvpx-devel-1.6.1-lp151.5.3.1.i586",
            "openSUSE Leap 15.1:libvpx-devel-1.6.1-lp151.5.3.1.x86_64",
            "openSUSE Leap 15.1:libvpx4-1.6.1-lp151.5.3.1.i586",
            "openSUSE Leap 15.1:libvpx4-1.6.1-lp151.5.3.1.x86_64",
            "openSUSE Leap 15.1:libvpx4-32bit-1.6.1-lp151.5.3.1.x86_64",
            "openSUSE Leap 15.1:vpx-tools-1.6.1-lp151.5.3.1.i586",
            "openSUSE Leap 15.1:vpx-tools-1.6.1-lp151.5.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-01-25T23:14:06Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-9433"
    }
  ]
}

OPENSUSE-SU-2024:11010-1

Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00

Summary

libvpx-devel-1.10.0-1.3 on GA media

Severity

Moderate

Notes

Title of the patch: libvpx-devel-1.10.0-1.3 on GA media

Description of the patch: These are all security issues fixed in the libvpx-devel-1.10.0-1.3 package on the GA media of openSUSE Tumbleweed.

Patchnames: openSUSE-Tumbleweed-2024-11010

CVE-2017-0641

5.5 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:libvpx-devel-1.10.0-1.3.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libvpx-devel-1.10.0-1.3.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libvpx-devel-1.10.0-1.3.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libvpx-devel-1.10.0-1.3.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libvpx6-1.10.0-1.3.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libvpx6-1.10.0-1.3.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libvpx6-1.10.0-1.3.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libvpx6-1.10.0-1.3.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libvpx6-32bit-1.10.0-1.3.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libvpx6-32bit-1.10.0-1.3.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libvpx6-32bit-1.10.0-1.3.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libvpx6-32bit-1.10.0-1.3.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:vpx-tools-1.10.0-1.3.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:vpx-tools-1.10.0-1.3.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:vpx-tools-1.10.0-1.3.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:vpx-tools-1.10.0-1.3.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2017-13194

5.6 (Medium)


                        
                          CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:libvpx-devel-1.10.0-1.3.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libvpx-devel-1.10.0-1.3.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libvpx-devel-1.10.0-1.3.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libvpx-devel-1.10.0-1.3.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libvpx6-1.10.0-1.3.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libvpx6-1.10.0-1.3.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libvpx6-1.10.0-1.3.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libvpx6-1.10.0-1.3.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libvpx6-32bit-1.10.0-1.3.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libvpx6-32bit-1.10.0-1.3.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libvpx6-32bit-1.10.0-1.3.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libvpx6-32bit-1.10.0-1.3.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:vpx-tools-1.10.0-1.3.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:vpx-tools-1.10.0-1.3.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:vpx-tools-1.10.0-1.3.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:vpx-tools-1.10.0-1.3.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2019-2126

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:libvpx-devel-1.10.0-1.3.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libvpx-devel-1.10.0-1.3.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libvpx-devel-1.10.0-1.3.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libvpx-devel-1.10.0-1.3.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libvpx6-1.10.0-1.3.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libvpx6-1.10.0-1.3.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libvpx6-1.10.0-1.3.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libvpx6-1.10.0-1.3.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libvpx6-32bit-1.10.0-1.3.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libvpx6-32bit-1.10.0-1.3.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libvpx6-32bit-1.10.0-1.3.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libvpx6-32bit-1.10.0-1.3.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:vpx-tools-1.10.0-1.3.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:vpx-tools-1.10.0-1.3.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:vpx-tools-1.10.0-1.3.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:vpx-tools-1.10.0-1.3.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2019-9232

4.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:libvpx-devel-1.10.0-1.3.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libvpx-devel-1.10.0-1.3.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libvpx-devel-1.10.0-1.3.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libvpx-devel-1.10.0-1.3.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libvpx6-1.10.0-1.3.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libvpx6-1.10.0-1.3.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libvpx6-1.10.0-1.3.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libvpx6-1.10.0-1.3.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libvpx6-32bit-1.10.0-1.3.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libvpx6-32bit-1.10.0-1.3.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libvpx6-32bit-1.10.0-1.3.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libvpx6-32bit-1.10.0-1.3.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:vpx-tools-1.10.0-1.3.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:vpx-tools-1.10.0-1.3.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:vpx-tools-1.10.0-1.3.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:vpx-tools-1.10.0-1.3.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2019-9325

3.3 (Low)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:libvpx-devel-1.10.0-1.3.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libvpx-devel-1.10.0-1.3.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libvpx-devel-1.10.0-1.3.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libvpx-devel-1.10.0-1.3.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libvpx6-1.10.0-1.3.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libvpx6-1.10.0-1.3.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libvpx6-1.10.0-1.3.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libvpx6-1.10.0-1.3.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libvpx6-32bit-1.10.0-1.3.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libvpx6-32bit-1.10.0-1.3.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libvpx6-32bit-1.10.0-1.3.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libvpx6-32bit-1.10.0-1.3.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:vpx-tools-1.10.0-1.3.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:vpx-tools-1.10.0-1.3.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:vpx-tools-1.10.0-1.3.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:vpx-tools-1.10.0-1.3.x86_64	—	Vendor Fix

Threats

Impact low

CVE-2019-9371

4.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:libvpx-devel-1.10.0-1.3.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libvpx-devel-1.10.0-1.3.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libvpx-devel-1.10.0-1.3.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libvpx-devel-1.10.0-1.3.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libvpx6-1.10.0-1.3.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libvpx6-1.10.0-1.3.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libvpx6-1.10.0-1.3.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libvpx6-1.10.0-1.3.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libvpx6-32bit-1.10.0-1.3.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libvpx6-32bit-1.10.0-1.3.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libvpx6-32bit-1.10.0-1.3.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libvpx6-32bit-1.10.0-1.3.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:vpx-tools-1.10.0-1.3.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:vpx-tools-1.10.0-1.3.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:vpx-tools-1.10.0-1.3.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:vpx-tools-1.10.0-1.3.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2019-9433

4.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:libvpx-devel-1.10.0-1.3.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libvpx-devel-1.10.0-1.3.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libvpx-devel-1.10.0-1.3.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libvpx-devel-1.10.0-1.3.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libvpx6-1.10.0-1.3.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libvpx6-1.10.0-1.3.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libvpx6-1.10.0-1.3.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libvpx6-1.10.0-1.3.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libvpx6-32bit-1.10.0-1.3.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libvpx6-32bit-1.10.0-1.3.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libvpx6-32bit-1.10.0-1.3.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libvpx6-32bit-1.10.0-1.3.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:vpx-tools-1.10.0-1.3.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:vpx-tools-1.10.0-1.3.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:vpx-tools-1.10.0-1.3.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:vpx-tools-1.10.0-1.3.x86_64	—	Vendor Fix

Threats

Impact moderate

References

23 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/o…	self
https://www.suse.com/security/cve/CVE-2017-0641/	self
https://www.suse.com/security/cve/CVE-2017-13194/	self
https://www.suse.com/security/cve/CVE-2019-2126/	self
https://www.suse.com/security/cve/CVE-2019-9232/	self
https://www.suse.com/security/cve/CVE-2019-9325/	self
https://www.suse.com/security/cve/CVE-2019-9371/	self
https://www.suse.com/security/cve/CVE-2019-9433/	self
https://www.suse.com/security/cve/CVE-2017-0641	external
https://bugzilla.suse.com/1056539	external
https://www.suse.com/security/cve/CVE-2017-13194	external
https://bugzilla.suse.com/1075992	external
https://www.suse.com/security/cve/CVE-2019-2126	external
https://bugzilla.suse.com/1160611	external
https://www.suse.com/security/cve/CVE-2019-9232	external
https://bugzilla.suse.com/1160613	external
https://www.suse.com/security/cve/CVE-2019-9325	external
https://bugzilla.suse.com/1160612	external
https://www.suse.com/security/cve/CVE-2019-9371	external
https://bugzilla.suse.com/1160615	external
https://www.suse.com/security/cve/CVE-2019-9433	external
https://bugzilla.suse.com/1160614	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "libvpx-devel-1.10.0-1.3 on GA media",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "These are all security issues fixed in the libvpx-devel-1.10.0-1.3 package on the GA media of openSUSE Tumbleweed.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-Tumbleweed-2024-11010",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_11010-1.json"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-0641 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-0641/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-13194 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-13194/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-2126 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-2126/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-9232 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-9232/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-9325 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-9325/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-9371 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-9371/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-9433 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-9433/"
      }
    ],
    "title": "libvpx-devel-1.10.0-1.3 on GA media",
    "tracking": {
      "current_release_date": "2024-06-15T00:00:00Z",
      "generator": {
        "date": "2024-06-15T00:00:00Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2024:11010-1",
      "initial_release_date": "2024-06-15T00:00:00Z",
      "revision_history": [
        {
          "date": "2024-06-15T00:00:00Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libvpx-devel-1.10.0-1.3.aarch64",
                "product": {
                  "name": "libvpx-devel-1.10.0-1.3.aarch64",
                  "product_id": "libvpx-devel-1.10.0-1.3.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "libvpx6-1.10.0-1.3.aarch64",
                "product": {
                  "name": "libvpx6-1.10.0-1.3.aarch64",
                  "product_id": "libvpx6-1.10.0-1.3.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "libvpx6-32bit-1.10.0-1.3.aarch64",
                "product": {
                  "name": "libvpx6-32bit-1.10.0-1.3.aarch64",
                  "product_id": "libvpx6-32bit-1.10.0-1.3.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "vpx-tools-1.10.0-1.3.aarch64",
                "product": {
                  "name": "vpx-tools-1.10.0-1.3.aarch64",
                  "product_id": "vpx-tools-1.10.0-1.3.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libvpx-devel-1.10.0-1.3.ppc64le",
                "product": {
                  "name": "libvpx-devel-1.10.0-1.3.ppc64le",
                  "product_id": "libvpx-devel-1.10.0-1.3.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "libvpx6-1.10.0-1.3.ppc64le",
                "product": {
                  "name": "libvpx6-1.10.0-1.3.ppc64le",
                  "product_id": "libvpx6-1.10.0-1.3.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "libvpx6-32bit-1.10.0-1.3.ppc64le",
                "product": {
                  "name": "libvpx6-32bit-1.10.0-1.3.ppc64le",
                  "product_id": "libvpx6-32bit-1.10.0-1.3.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "vpx-tools-1.10.0-1.3.ppc64le",
                "product": {
                  "name": "vpx-tools-1.10.0-1.3.ppc64le",
                  "product_id": "vpx-tools-1.10.0-1.3.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libvpx-devel-1.10.0-1.3.s390x",
                "product": {
                  "name": "libvpx-devel-1.10.0-1.3.s390x",
                  "product_id": "libvpx-devel-1.10.0-1.3.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libvpx6-1.10.0-1.3.s390x",
                "product": {
                  "name": "libvpx6-1.10.0-1.3.s390x",
                  "product_id": "libvpx6-1.10.0-1.3.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libvpx6-32bit-1.10.0-1.3.s390x",
                "product": {
                  "name": "libvpx6-32bit-1.10.0-1.3.s390x",
                  "product_id": "libvpx6-32bit-1.10.0-1.3.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "vpx-tools-1.10.0-1.3.s390x",
                "product": {
                  "name": "vpx-tools-1.10.0-1.3.s390x",
                  "product_id": "vpx-tools-1.10.0-1.3.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libvpx-devel-1.10.0-1.3.x86_64",
                "product": {
                  "name": "libvpx-devel-1.10.0-1.3.x86_64",
                  "product_id": "libvpx-devel-1.10.0-1.3.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libvpx6-1.10.0-1.3.x86_64",
                "product": {
                  "name": "libvpx6-1.10.0-1.3.x86_64",
                  "product_id": "libvpx6-1.10.0-1.3.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libvpx6-32bit-1.10.0-1.3.x86_64",
                "product": {
                  "name": "libvpx6-32bit-1.10.0-1.3.x86_64",
                  "product_id": "libvpx6-32bit-1.10.0-1.3.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "vpx-tools-1.10.0-1.3.x86_64",
                "product": {
                  "name": "vpx-tools-1.10.0-1.3.x86_64",
                  "product_id": "vpx-tools-1.10.0-1.3.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Tumbleweed",
                "product": {
                  "name": "openSUSE Tumbleweed",
                  "product_id": "openSUSE Tumbleweed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:tumbleweed"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libvpx-devel-1.10.0-1.3.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libvpx-devel-1.10.0-1.3.aarch64"
        },
        "product_reference": "libvpx-devel-1.10.0-1.3.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libvpx-devel-1.10.0-1.3.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libvpx-devel-1.10.0-1.3.ppc64le"
        },
        "product_reference": "libvpx-devel-1.10.0-1.3.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libvpx-devel-1.10.0-1.3.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libvpx-devel-1.10.0-1.3.s390x"
        },
        "product_reference": "libvpx-devel-1.10.0-1.3.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libvpx-devel-1.10.0-1.3.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libvpx-devel-1.10.0-1.3.x86_64"
        },
        "product_reference": "libvpx-devel-1.10.0-1.3.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libvpx6-1.10.0-1.3.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libvpx6-1.10.0-1.3.aarch64"
        },
        "product_reference": "libvpx6-1.10.0-1.3.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libvpx6-1.10.0-1.3.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libvpx6-1.10.0-1.3.ppc64le"
        },
        "product_reference": "libvpx6-1.10.0-1.3.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libvpx6-1.10.0-1.3.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libvpx6-1.10.0-1.3.s390x"
        },
        "product_reference": "libvpx6-1.10.0-1.3.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libvpx6-1.10.0-1.3.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libvpx6-1.10.0-1.3.x86_64"
        },
        "product_reference": "libvpx6-1.10.0-1.3.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libvpx6-32bit-1.10.0-1.3.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libvpx6-32bit-1.10.0-1.3.aarch64"
        },
        "product_reference": "libvpx6-32bit-1.10.0-1.3.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libvpx6-32bit-1.10.0-1.3.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libvpx6-32bit-1.10.0-1.3.ppc64le"
        },
        "product_reference": "libvpx6-32bit-1.10.0-1.3.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libvpx6-32bit-1.10.0-1.3.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libvpx6-32bit-1.10.0-1.3.s390x"
        },
        "product_reference": "libvpx6-32bit-1.10.0-1.3.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libvpx6-32bit-1.10.0-1.3.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libvpx6-32bit-1.10.0-1.3.x86_64"
        },
        "product_reference": "libvpx6-32bit-1.10.0-1.3.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vpx-tools-1.10.0-1.3.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:vpx-tools-1.10.0-1.3.aarch64"
        },
        "product_reference": "vpx-tools-1.10.0-1.3.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vpx-tools-1.10.0-1.3.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:vpx-tools-1.10.0-1.3.ppc64le"
        },
        "product_reference": "vpx-tools-1.10.0-1.3.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vpx-tools-1.10.0-1.3.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:vpx-tools-1.10.0-1.3.s390x"
        },
        "product_reference": "vpx-tools-1.10.0-1.3.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vpx-tools-1.10.0-1.3.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:vpx-tools-1.10.0-1.3.x86_64"
        },
        "product_reference": "vpx-tools-1.10.0-1.3.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2017-0641",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-0641"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A remote denial of service vulnerability in libvpx in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34360591.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:libvpx-devel-1.10.0-1.3.aarch64",
          "openSUSE Tumbleweed:libvpx-devel-1.10.0-1.3.ppc64le",
          "openSUSE Tumbleweed:libvpx-devel-1.10.0-1.3.s390x",
          "openSUSE Tumbleweed:libvpx-devel-1.10.0-1.3.x86_64",
          "openSUSE Tumbleweed:libvpx6-1.10.0-1.3.aarch64",
          "openSUSE Tumbleweed:libvpx6-1.10.0-1.3.ppc64le",
          "openSUSE Tumbleweed:libvpx6-1.10.0-1.3.s390x",
          "openSUSE Tumbleweed:libvpx6-1.10.0-1.3.x86_64",
          "openSUSE Tumbleweed:libvpx6-32bit-1.10.0-1.3.aarch64",
          "openSUSE Tumbleweed:libvpx6-32bit-1.10.0-1.3.ppc64le",
          "openSUSE Tumbleweed:libvpx6-32bit-1.10.0-1.3.s390x",
          "openSUSE Tumbleweed:libvpx6-32bit-1.10.0-1.3.x86_64",
          "openSUSE Tumbleweed:vpx-tools-1.10.0-1.3.aarch64",
          "openSUSE Tumbleweed:vpx-tools-1.10.0-1.3.ppc64le",
          "openSUSE Tumbleweed:vpx-tools-1.10.0-1.3.s390x",
          "openSUSE Tumbleweed:vpx-tools-1.10.0-1.3.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-0641",
          "url": "https://www.suse.com/security/cve/CVE-2017-0641"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1056539 for CVE-2017-0641",
          "url": "https://bugzilla.suse.com/1056539"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:libvpx-devel-1.10.0-1.3.aarch64",
            "openSUSE Tumbleweed:libvpx-devel-1.10.0-1.3.ppc64le",
            "openSUSE Tumbleweed:libvpx-devel-1.10.0-1.3.s390x",
            "openSUSE Tumbleweed:libvpx-devel-1.10.0-1.3.x86_64",
            "openSUSE Tumbleweed:libvpx6-1.10.0-1.3.aarch64",
            "openSUSE Tumbleweed:libvpx6-1.10.0-1.3.ppc64le",
            "openSUSE Tumbleweed:libvpx6-1.10.0-1.3.s390x",
            "openSUSE Tumbleweed:libvpx6-1.10.0-1.3.x86_64",
            "openSUSE Tumbleweed:libvpx6-32bit-1.10.0-1.3.aarch64",
            "openSUSE Tumbleweed:libvpx6-32bit-1.10.0-1.3.ppc64le",
            "openSUSE Tumbleweed:libvpx6-32bit-1.10.0-1.3.s390x",
            "openSUSE Tumbleweed:libvpx6-32bit-1.10.0-1.3.x86_64",
            "openSUSE Tumbleweed:vpx-tools-1.10.0-1.3.aarch64",
            "openSUSE Tumbleweed:vpx-tools-1.10.0-1.3.ppc64le",
            "openSUSE Tumbleweed:vpx-tools-1.10.0-1.3.s390x",
            "openSUSE Tumbleweed:vpx-tools-1.10.0-1.3.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:libvpx-devel-1.10.0-1.3.aarch64",
            "openSUSE Tumbleweed:libvpx-devel-1.10.0-1.3.ppc64le",
            "openSUSE Tumbleweed:libvpx-devel-1.10.0-1.3.s390x",
            "openSUSE Tumbleweed:libvpx-devel-1.10.0-1.3.x86_64",
            "openSUSE Tumbleweed:libvpx6-1.10.0-1.3.aarch64",
            "openSUSE Tumbleweed:libvpx6-1.10.0-1.3.ppc64le",
            "openSUSE Tumbleweed:libvpx6-1.10.0-1.3.s390x",
            "openSUSE Tumbleweed:libvpx6-1.10.0-1.3.x86_64",
            "openSUSE Tumbleweed:libvpx6-32bit-1.10.0-1.3.aarch64",
            "openSUSE Tumbleweed:libvpx6-32bit-1.10.0-1.3.ppc64le",
            "openSUSE Tumbleweed:libvpx6-32bit-1.10.0-1.3.s390x",
            "openSUSE Tumbleweed:libvpx6-32bit-1.10.0-1.3.x86_64",
            "openSUSE Tumbleweed:vpx-tools-1.10.0-1.3.aarch64",
            "openSUSE Tumbleweed:vpx-tools-1.10.0-1.3.ppc64le",
            "openSUSE Tumbleweed:vpx-tools-1.10.0-1.3.s390x",
            "openSUSE Tumbleweed:vpx-tools-1.10.0-1.3.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2017-0641"
    },
    {
      "cve": "CVE-2017-13194",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-13194"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A vulnerability in the Android media framework (libvpx) related to odd frame width. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-64710201.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:libvpx-devel-1.10.0-1.3.aarch64",
          "openSUSE Tumbleweed:libvpx-devel-1.10.0-1.3.ppc64le",
          "openSUSE Tumbleweed:libvpx-devel-1.10.0-1.3.s390x",
          "openSUSE Tumbleweed:libvpx-devel-1.10.0-1.3.x86_64",
          "openSUSE Tumbleweed:libvpx6-1.10.0-1.3.aarch64",
          "openSUSE Tumbleweed:libvpx6-1.10.0-1.3.ppc64le",
          "openSUSE Tumbleweed:libvpx6-1.10.0-1.3.s390x",
          "openSUSE Tumbleweed:libvpx6-1.10.0-1.3.x86_64",
          "openSUSE Tumbleweed:libvpx6-32bit-1.10.0-1.3.aarch64",
          "openSUSE Tumbleweed:libvpx6-32bit-1.10.0-1.3.ppc64le",
          "openSUSE Tumbleweed:libvpx6-32bit-1.10.0-1.3.s390x",
          "openSUSE Tumbleweed:libvpx6-32bit-1.10.0-1.3.x86_64",
          "openSUSE Tumbleweed:vpx-tools-1.10.0-1.3.aarch64",
          "openSUSE Tumbleweed:vpx-tools-1.10.0-1.3.ppc64le",
          "openSUSE Tumbleweed:vpx-tools-1.10.0-1.3.s390x",
          "openSUSE Tumbleweed:vpx-tools-1.10.0-1.3.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-13194",
          "url": "https://www.suse.com/security/cve/CVE-2017-13194"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1075992 for CVE-2017-13194",
          "url": "https://bugzilla.suse.com/1075992"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:libvpx-devel-1.10.0-1.3.aarch64",
            "openSUSE Tumbleweed:libvpx-devel-1.10.0-1.3.ppc64le",
            "openSUSE Tumbleweed:libvpx-devel-1.10.0-1.3.s390x",
            "openSUSE Tumbleweed:libvpx-devel-1.10.0-1.3.x86_64",
            "openSUSE Tumbleweed:libvpx6-1.10.0-1.3.aarch64",
            "openSUSE Tumbleweed:libvpx6-1.10.0-1.3.ppc64le",
            "openSUSE Tumbleweed:libvpx6-1.10.0-1.3.s390x",
            "openSUSE Tumbleweed:libvpx6-1.10.0-1.3.x86_64",
            "openSUSE Tumbleweed:libvpx6-32bit-1.10.0-1.3.aarch64",
            "openSUSE Tumbleweed:libvpx6-32bit-1.10.0-1.3.ppc64le",
            "openSUSE Tumbleweed:libvpx6-32bit-1.10.0-1.3.s390x",
            "openSUSE Tumbleweed:libvpx6-32bit-1.10.0-1.3.x86_64",
            "openSUSE Tumbleweed:vpx-tools-1.10.0-1.3.aarch64",
            "openSUSE Tumbleweed:vpx-tools-1.10.0-1.3.ppc64le",
            "openSUSE Tumbleweed:vpx-tools-1.10.0-1.3.s390x",
            "openSUSE Tumbleweed:vpx-tools-1.10.0-1.3.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.6,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:libvpx-devel-1.10.0-1.3.aarch64",
            "openSUSE Tumbleweed:libvpx-devel-1.10.0-1.3.ppc64le",
            "openSUSE Tumbleweed:libvpx-devel-1.10.0-1.3.s390x",
            "openSUSE Tumbleweed:libvpx-devel-1.10.0-1.3.x86_64",
            "openSUSE Tumbleweed:libvpx6-1.10.0-1.3.aarch64",
            "openSUSE Tumbleweed:libvpx6-1.10.0-1.3.ppc64le",
            "openSUSE Tumbleweed:libvpx6-1.10.0-1.3.s390x",
            "openSUSE Tumbleweed:libvpx6-1.10.0-1.3.x86_64",
            "openSUSE Tumbleweed:libvpx6-32bit-1.10.0-1.3.aarch64",
            "openSUSE Tumbleweed:libvpx6-32bit-1.10.0-1.3.ppc64le",
            "openSUSE Tumbleweed:libvpx6-32bit-1.10.0-1.3.s390x",
            "openSUSE Tumbleweed:libvpx6-32bit-1.10.0-1.3.x86_64",
            "openSUSE Tumbleweed:vpx-tools-1.10.0-1.3.aarch64",
            "openSUSE Tumbleweed:vpx-tools-1.10.0-1.3.ppc64le",
            "openSUSE Tumbleweed:vpx-tools-1.10.0-1.3.s390x",
            "openSUSE Tumbleweed:vpx-tools-1.10.0-1.3.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2017-13194"
    },
    {
      "cve": "CVE-2019-2126",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-2126"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In ParseContentEncodingEntry of mkvparser.cc, there is a possible double free due to a missing reset of a freed pointer. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-127702368.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:libvpx-devel-1.10.0-1.3.aarch64",
          "openSUSE Tumbleweed:libvpx-devel-1.10.0-1.3.ppc64le",
          "openSUSE Tumbleweed:libvpx-devel-1.10.0-1.3.s390x",
          "openSUSE Tumbleweed:libvpx-devel-1.10.0-1.3.x86_64",
          "openSUSE Tumbleweed:libvpx6-1.10.0-1.3.aarch64",
          "openSUSE Tumbleweed:libvpx6-1.10.0-1.3.ppc64le",
          "openSUSE Tumbleweed:libvpx6-1.10.0-1.3.s390x",
          "openSUSE Tumbleweed:libvpx6-1.10.0-1.3.x86_64",
          "openSUSE Tumbleweed:libvpx6-32bit-1.10.0-1.3.aarch64",
          "openSUSE Tumbleweed:libvpx6-32bit-1.10.0-1.3.ppc64le",
          "openSUSE Tumbleweed:libvpx6-32bit-1.10.0-1.3.s390x",
          "openSUSE Tumbleweed:libvpx6-32bit-1.10.0-1.3.x86_64",
          "openSUSE Tumbleweed:vpx-tools-1.10.0-1.3.aarch64",
          "openSUSE Tumbleweed:vpx-tools-1.10.0-1.3.ppc64le",
          "openSUSE Tumbleweed:vpx-tools-1.10.0-1.3.s390x",
          "openSUSE Tumbleweed:vpx-tools-1.10.0-1.3.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-2126",
          "url": "https://www.suse.com/security/cve/CVE-2019-2126"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1160611 for CVE-2019-2126",
          "url": "https://bugzilla.suse.com/1160611"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:libvpx-devel-1.10.0-1.3.aarch64",
            "openSUSE Tumbleweed:libvpx-devel-1.10.0-1.3.ppc64le",
            "openSUSE Tumbleweed:libvpx-devel-1.10.0-1.3.s390x",
            "openSUSE Tumbleweed:libvpx-devel-1.10.0-1.3.x86_64",
            "openSUSE Tumbleweed:libvpx6-1.10.0-1.3.aarch64",
            "openSUSE Tumbleweed:libvpx6-1.10.0-1.3.ppc64le",
            "openSUSE Tumbleweed:libvpx6-1.10.0-1.3.s390x",
            "openSUSE Tumbleweed:libvpx6-1.10.0-1.3.x86_64",
            "openSUSE Tumbleweed:libvpx6-32bit-1.10.0-1.3.aarch64",
            "openSUSE Tumbleweed:libvpx6-32bit-1.10.0-1.3.ppc64le",
            "openSUSE Tumbleweed:libvpx6-32bit-1.10.0-1.3.s390x",
            "openSUSE Tumbleweed:libvpx6-32bit-1.10.0-1.3.x86_64",
            "openSUSE Tumbleweed:vpx-tools-1.10.0-1.3.aarch64",
            "openSUSE Tumbleweed:vpx-tools-1.10.0-1.3.ppc64le",
            "openSUSE Tumbleweed:vpx-tools-1.10.0-1.3.s390x",
            "openSUSE Tumbleweed:vpx-tools-1.10.0-1.3.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:libvpx-devel-1.10.0-1.3.aarch64",
            "openSUSE Tumbleweed:libvpx-devel-1.10.0-1.3.ppc64le",
            "openSUSE Tumbleweed:libvpx-devel-1.10.0-1.3.s390x",
            "openSUSE Tumbleweed:libvpx-devel-1.10.0-1.3.x86_64",
            "openSUSE Tumbleweed:libvpx6-1.10.0-1.3.aarch64",
            "openSUSE Tumbleweed:libvpx6-1.10.0-1.3.ppc64le",
            "openSUSE Tumbleweed:libvpx6-1.10.0-1.3.s390x",
            "openSUSE Tumbleweed:libvpx6-1.10.0-1.3.x86_64",
            "openSUSE Tumbleweed:libvpx6-32bit-1.10.0-1.3.aarch64",
            "openSUSE Tumbleweed:libvpx6-32bit-1.10.0-1.3.ppc64le",
            "openSUSE Tumbleweed:libvpx6-32bit-1.10.0-1.3.s390x",
            "openSUSE Tumbleweed:libvpx6-32bit-1.10.0-1.3.x86_64",
            "openSUSE Tumbleweed:vpx-tools-1.10.0-1.3.aarch64",
            "openSUSE Tumbleweed:vpx-tools-1.10.0-1.3.ppc64le",
            "openSUSE Tumbleweed:vpx-tools-1.10.0-1.3.s390x",
            "openSUSE Tumbleweed:vpx-tools-1.10.0-1.3.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2019-2126"
    },
    {
      "cve": "CVE-2019-9232",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-9232"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In libvpx, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-122675483",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:libvpx-devel-1.10.0-1.3.aarch64",
          "openSUSE Tumbleweed:libvpx-devel-1.10.0-1.3.ppc64le",
          "openSUSE Tumbleweed:libvpx-devel-1.10.0-1.3.s390x",
          "openSUSE Tumbleweed:libvpx-devel-1.10.0-1.3.x86_64",
          "openSUSE Tumbleweed:libvpx6-1.10.0-1.3.aarch64",
          "openSUSE Tumbleweed:libvpx6-1.10.0-1.3.ppc64le",
          "openSUSE Tumbleweed:libvpx6-1.10.0-1.3.s390x",
          "openSUSE Tumbleweed:libvpx6-1.10.0-1.3.x86_64",
          "openSUSE Tumbleweed:libvpx6-32bit-1.10.0-1.3.aarch64",
          "openSUSE Tumbleweed:libvpx6-32bit-1.10.0-1.3.ppc64le",
          "openSUSE Tumbleweed:libvpx6-32bit-1.10.0-1.3.s390x",
          "openSUSE Tumbleweed:libvpx6-32bit-1.10.0-1.3.x86_64",
          "openSUSE Tumbleweed:vpx-tools-1.10.0-1.3.aarch64",
          "openSUSE Tumbleweed:vpx-tools-1.10.0-1.3.ppc64le",
          "openSUSE Tumbleweed:vpx-tools-1.10.0-1.3.s390x",
          "openSUSE Tumbleweed:vpx-tools-1.10.0-1.3.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-9232",
          "url": "https://www.suse.com/security/cve/CVE-2019-9232"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1160613 for CVE-2019-9232",
          "url": "https://bugzilla.suse.com/1160613"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:libvpx-devel-1.10.0-1.3.aarch64",
            "openSUSE Tumbleweed:libvpx-devel-1.10.0-1.3.ppc64le",
            "openSUSE Tumbleweed:libvpx-devel-1.10.0-1.3.s390x",
            "openSUSE Tumbleweed:libvpx-devel-1.10.0-1.3.x86_64",
            "openSUSE Tumbleweed:libvpx6-1.10.0-1.3.aarch64",
            "openSUSE Tumbleweed:libvpx6-1.10.0-1.3.ppc64le",
            "openSUSE Tumbleweed:libvpx6-1.10.0-1.3.s390x",
            "openSUSE Tumbleweed:libvpx6-1.10.0-1.3.x86_64",
            "openSUSE Tumbleweed:libvpx6-32bit-1.10.0-1.3.aarch64",
            "openSUSE Tumbleweed:libvpx6-32bit-1.10.0-1.3.ppc64le",
            "openSUSE Tumbleweed:libvpx6-32bit-1.10.0-1.3.s390x",
            "openSUSE Tumbleweed:libvpx6-32bit-1.10.0-1.3.x86_64",
            "openSUSE Tumbleweed:vpx-tools-1.10.0-1.3.aarch64",
            "openSUSE Tumbleweed:vpx-tools-1.10.0-1.3.ppc64le",
            "openSUSE Tumbleweed:vpx-tools-1.10.0-1.3.s390x",
            "openSUSE Tumbleweed:vpx-tools-1.10.0-1.3.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:libvpx-devel-1.10.0-1.3.aarch64",
            "openSUSE Tumbleweed:libvpx-devel-1.10.0-1.3.ppc64le",
            "openSUSE Tumbleweed:libvpx-devel-1.10.0-1.3.s390x",
            "openSUSE Tumbleweed:libvpx-devel-1.10.0-1.3.x86_64",
            "openSUSE Tumbleweed:libvpx6-1.10.0-1.3.aarch64",
            "openSUSE Tumbleweed:libvpx6-1.10.0-1.3.ppc64le",
            "openSUSE Tumbleweed:libvpx6-1.10.0-1.3.s390x",
            "openSUSE Tumbleweed:libvpx6-1.10.0-1.3.x86_64",
            "openSUSE Tumbleweed:libvpx6-32bit-1.10.0-1.3.aarch64",
            "openSUSE Tumbleweed:libvpx6-32bit-1.10.0-1.3.ppc64le",
            "openSUSE Tumbleweed:libvpx6-32bit-1.10.0-1.3.s390x",
            "openSUSE Tumbleweed:libvpx6-32bit-1.10.0-1.3.x86_64",
            "openSUSE Tumbleweed:vpx-tools-1.10.0-1.3.aarch64",
            "openSUSE Tumbleweed:vpx-tools-1.10.0-1.3.ppc64le",
            "openSUSE Tumbleweed:vpx-tools-1.10.0-1.3.s390x",
            "openSUSE Tumbleweed:vpx-tools-1.10.0-1.3.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-9232"
    },
    {
      "cve": "CVE-2019-9325",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-9325"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In libvpx, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112001302",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:libvpx-devel-1.10.0-1.3.aarch64",
          "openSUSE Tumbleweed:libvpx-devel-1.10.0-1.3.ppc64le",
          "openSUSE Tumbleweed:libvpx-devel-1.10.0-1.3.s390x",
          "openSUSE Tumbleweed:libvpx-devel-1.10.0-1.3.x86_64",
          "openSUSE Tumbleweed:libvpx6-1.10.0-1.3.aarch64",
          "openSUSE Tumbleweed:libvpx6-1.10.0-1.3.ppc64le",
          "openSUSE Tumbleweed:libvpx6-1.10.0-1.3.s390x",
          "openSUSE Tumbleweed:libvpx6-1.10.0-1.3.x86_64",
          "openSUSE Tumbleweed:libvpx6-32bit-1.10.0-1.3.aarch64",
          "openSUSE Tumbleweed:libvpx6-32bit-1.10.0-1.3.ppc64le",
          "openSUSE Tumbleweed:libvpx6-32bit-1.10.0-1.3.s390x",
          "openSUSE Tumbleweed:libvpx6-32bit-1.10.0-1.3.x86_64",
          "openSUSE Tumbleweed:vpx-tools-1.10.0-1.3.aarch64",
          "openSUSE Tumbleweed:vpx-tools-1.10.0-1.3.ppc64le",
          "openSUSE Tumbleweed:vpx-tools-1.10.0-1.3.s390x",
          "openSUSE Tumbleweed:vpx-tools-1.10.0-1.3.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-9325",
          "url": "https://www.suse.com/security/cve/CVE-2019-9325"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1160612 for CVE-2019-9325",
          "url": "https://bugzilla.suse.com/1160612"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:libvpx-devel-1.10.0-1.3.aarch64",
            "openSUSE Tumbleweed:libvpx-devel-1.10.0-1.3.ppc64le",
            "openSUSE Tumbleweed:libvpx-devel-1.10.0-1.3.s390x",
            "openSUSE Tumbleweed:libvpx-devel-1.10.0-1.3.x86_64",
            "openSUSE Tumbleweed:libvpx6-1.10.0-1.3.aarch64",
            "openSUSE Tumbleweed:libvpx6-1.10.0-1.3.ppc64le",
            "openSUSE Tumbleweed:libvpx6-1.10.0-1.3.s390x",
            "openSUSE Tumbleweed:libvpx6-1.10.0-1.3.x86_64",
            "openSUSE Tumbleweed:libvpx6-32bit-1.10.0-1.3.aarch64",
            "openSUSE Tumbleweed:libvpx6-32bit-1.10.0-1.3.ppc64le",
            "openSUSE Tumbleweed:libvpx6-32bit-1.10.0-1.3.s390x",
            "openSUSE Tumbleweed:libvpx6-32bit-1.10.0-1.3.x86_64",
            "openSUSE Tumbleweed:vpx-tools-1.10.0-1.3.aarch64",
            "openSUSE Tumbleweed:vpx-tools-1.10.0-1.3.ppc64le",
            "openSUSE Tumbleweed:vpx-tools-1.10.0-1.3.s390x",
            "openSUSE Tumbleweed:vpx-tools-1.10.0-1.3.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:libvpx-devel-1.10.0-1.3.aarch64",
            "openSUSE Tumbleweed:libvpx-devel-1.10.0-1.3.ppc64le",
            "openSUSE Tumbleweed:libvpx-devel-1.10.0-1.3.s390x",
            "openSUSE Tumbleweed:libvpx-devel-1.10.0-1.3.x86_64",
            "openSUSE Tumbleweed:libvpx6-1.10.0-1.3.aarch64",
            "openSUSE Tumbleweed:libvpx6-1.10.0-1.3.ppc64le",
            "openSUSE Tumbleweed:libvpx6-1.10.0-1.3.s390x",
            "openSUSE Tumbleweed:libvpx6-1.10.0-1.3.x86_64",
            "openSUSE Tumbleweed:libvpx6-32bit-1.10.0-1.3.aarch64",
            "openSUSE Tumbleweed:libvpx6-32bit-1.10.0-1.3.ppc64le",
            "openSUSE Tumbleweed:libvpx6-32bit-1.10.0-1.3.s390x",
            "openSUSE Tumbleweed:libvpx6-32bit-1.10.0-1.3.x86_64",
            "openSUSE Tumbleweed:vpx-tools-1.10.0-1.3.aarch64",
            "openSUSE Tumbleweed:vpx-tools-1.10.0-1.3.ppc64le",
            "openSUSE Tumbleweed:vpx-tools-1.10.0-1.3.s390x",
            "openSUSE Tumbleweed:vpx-tools-1.10.0-1.3.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "low"
        }
      ],
      "title": "CVE-2019-9325"
    },
    {
      "cve": "CVE-2019-9371",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-9371"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In libvpx, there is a possible resource exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-132783254",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:libvpx-devel-1.10.0-1.3.aarch64",
          "openSUSE Tumbleweed:libvpx-devel-1.10.0-1.3.ppc64le",
          "openSUSE Tumbleweed:libvpx-devel-1.10.0-1.3.s390x",
          "openSUSE Tumbleweed:libvpx-devel-1.10.0-1.3.x86_64",
          "openSUSE Tumbleweed:libvpx6-1.10.0-1.3.aarch64",
          "openSUSE Tumbleweed:libvpx6-1.10.0-1.3.ppc64le",
          "openSUSE Tumbleweed:libvpx6-1.10.0-1.3.s390x",
          "openSUSE Tumbleweed:libvpx6-1.10.0-1.3.x86_64",
          "openSUSE Tumbleweed:libvpx6-32bit-1.10.0-1.3.aarch64",
          "openSUSE Tumbleweed:libvpx6-32bit-1.10.0-1.3.ppc64le",
          "openSUSE Tumbleweed:libvpx6-32bit-1.10.0-1.3.s390x",
          "openSUSE Tumbleweed:libvpx6-32bit-1.10.0-1.3.x86_64",
          "openSUSE Tumbleweed:vpx-tools-1.10.0-1.3.aarch64",
          "openSUSE Tumbleweed:vpx-tools-1.10.0-1.3.ppc64le",
          "openSUSE Tumbleweed:vpx-tools-1.10.0-1.3.s390x",
          "openSUSE Tumbleweed:vpx-tools-1.10.0-1.3.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-9371",
          "url": "https://www.suse.com/security/cve/CVE-2019-9371"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1160615 for CVE-2019-9371",
          "url": "https://bugzilla.suse.com/1160615"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:libvpx-devel-1.10.0-1.3.aarch64",
            "openSUSE Tumbleweed:libvpx-devel-1.10.0-1.3.ppc64le",
            "openSUSE Tumbleweed:libvpx-devel-1.10.0-1.3.s390x",
            "openSUSE Tumbleweed:libvpx-devel-1.10.0-1.3.x86_64",
            "openSUSE Tumbleweed:libvpx6-1.10.0-1.3.aarch64",
            "openSUSE Tumbleweed:libvpx6-1.10.0-1.3.ppc64le",
            "openSUSE Tumbleweed:libvpx6-1.10.0-1.3.s390x",
            "openSUSE Tumbleweed:libvpx6-1.10.0-1.3.x86_64",
            "openSUSE Tumbleweed:libvpx6-32bit-1.10.0-1.3.aarch64",
            "openSUSE Tumbleweed:libvpx6-32bit-1.10.0-1.3.ppc64le",
            "openSUSE Tumbleweed:libvpx6-32bit-1.10.0-1.3.s390x",
            "openSUSE Tumbleweed:libvpx6-32bit-1.10.0-1.3.x86_64",
            "openSUSE Tumbleweed:vpx-tools-1.10.0-1.3.aarch64",
            "openSUSE Tumbleweed:vpx-tools-1.10.0-1.3.ppc64le",
            "openSUSE Tumbleweed:vpx-tools-1.10.0-1.3.s390x",
            "openSUSE Tumbleweed:vpx-tools-1.10.0-1.3.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:libvpx-devel-1.10.0-1.3.aarch64",
            "openSUSE Tumbleweed:libvpx-devel-1.10.0-1.3.ppc64le",
            "openSUSE Tumbleweed:libvpx-devel-1.10.0-1.3.s390x",
            "openSUSE Tumbleweed:libvpx-devel-1.10.0-1.3.x86_64",
            "openSUSE Tumbleweed:libvpx6-1.10.0-1.3.aarch64",
            "openSUSE Tumbleweed:libvpx6-1.10.0-1.3.ppc64le",
            "openSUSE Tumbleweed:libvpx6-1.10.0-1.3.s390x",
            "openSUSE Tumbleweed:libvpx6-1.10.0-1.3.x86_64",
            "openSUSE Tumbleweed:libvpx6-32bit-1.10.0-1.3.aarch64",
            "openSUSE Tumbleweed:libvpx6-32bit-1.10.0-1.3.ppc64le",
            "openSUSE Tumbleweed:libvpx6-32bit-1.10.0-1.3.s390x",
            "openSUSE Tumbleweed:libvpx6-32bit-1.10.0-1.3.x86_64",
            "openSUSE Tumbleweed:vpx-tools-1.10.0-1.3.aarch64",
            "openSUSE Tumbleweed:vpx-tools-1.10.0-1.3.ppc64le",
            "openSUSE Tumbleweed:vpx-tools-1.10.0-1.3.s390x",
            "openSUSE Tumbleweed:vpx-tools-1.10.0-1.3.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-9371"
    },
    {
      "cve": "CVE-2019-9433",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-9433"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In libvpx, there is a possible information disclosure due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-80479354",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:libvpx-devel-1.10.0-1.3.aarch64",
          "openSUSE Tumbleweed:libvpx-devel-1.10.0-1.3.ppc64le",
          "openSUSE Tumbleweed:libvpx-devel-1.10.0-1.3.s390x",
          "openSUSE Tumbleweed:libvpx-devel-1.10.0-1.3.x86_64",
          "openSUSE Tumbleweed:libvpx6-1.10.0-1.3.aarch64",
          "openSUSE Tumbleweed:libvpx6-1.10.0-1.3.ppc64le",
          "openSUSE Tumbleweed:libvpx6-1.10.0-1.3.s390x",
          "openSUSE Tumbleweed:libvpx6-1.10.0-1.3.x86_64",
          "openSUSE Tumbleweed:libvpx6-32bit-1.10.0-1.3.aarch64",
          "openSUSE Tumbleweed:libvpx6-32bit-1.10.0-1.3.ppc64le",
          "openSUSE Tumbleweed:libvpx6-32bit-1.10.0-1.3.s390x",
          "openSUSE Tumbleweed:libvpx6-32bit-1.10.0-1.3.x86_64",
          "openSUSE Tumbleweed:vpx-tools-1.10.0-1.3.aarch64",
          "openSUSE Tumbleweed:vpx-tools-1.10.0-1.3.ppc64le",
          "openSUSE Tumbleweed:vpx-tools-1.10.0-1.3.s390x",
          "openSUSE Tumbleweed:vpx-tools-1.10.0-1.3.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-9433",
          "url": "https://www.suse.com/security/cve/CVE-2019-9433"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1160614 for CVE-2019-9433",
          "url": "https://bugzilla.suse.com/1160614"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:libvpx-devel-1.10.0-1.3.aarch64",
            "openSUSE Tumbleweed:libvpx-devel-1.10.0-1.3.ppc64le",
            "openSUSE Tumbleweed:libvpx-devel-1.10.0-1.3.s390x",
            "openSUSE Tumbleweed:libvpx-devel-1.10.0-1.3.x86_64",
            "openSUSE Tumbleweed:libvpx6-1.10.0-1.3.aarch64",
            "openSUSE Tumbleweed:libvpx6-1.10.0-1.3.ppc64le",
            "openSUSE Tumbleweed:libvpx6-1.10.0-1.3.s390x",
            "openSUSE Tumbleweed:libvpx6-1.10.0-1.3.x86_64",
            "openSUSE Tumbleweed:libvpx6-32bit-1.10.0-1.3.aarch64",
            "openSUSE Tumbleweed:libvpx6-32bit-1.10.0-1.3.ppc64le",
            "openSUSE Tumbleweed:libvpx6-32bit-1.10.0-1.3.s390x",
            "openSUSE Tumbleweed:libvpx6-32bit-1.10.0-1.3.x86_64",
            "openSUSE Tumbleweed:vpx-tools-1.10.0-1.3.aarch64",
            "openSUSE Tumbleweed:vpx-tools-1.10.0-1.3.ppc64le",
            "openSUSE Tumbleweed:vpx-tools-1.10.0-1.3.s390x",
            "openSUSE Tumbleweed:vpx-tools-1.10.0-1.3.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:libvpx-devel-1.10.0-1.3.aarch64",
            "openSUSE Tumbleweed:libvpx-devel-1.10.0-1.3.ppc64le",
            "openSUSE Tumbleweed:libvpx-devel-1.10.0-1.3.s390x",
            "openSUSE Tumbleweed:libvpx-devel-1.10.0-1.3.x86_64",
            "openSUSE Tumbleweed:libvpx6-1.10.0-1.3.aarch64",
            "openSUSE Tumbleweed:libvpx6-1.10.0-1.3.ppc64le",
            "openSUSE Tumbleweed:libvpx6-1.10.0-1.3.s390x",
            "openSUSE Tumbleweed:libvpx6-1.10.0-1.3.x86_64",
            "openSUSE Tumbleweed:libvpx6-32bit-1.10.0-1.3.aarch64",
            "openSUSE Tumbleweed:libvpx6-32bit-1.10.0-1.3.ppc64le",
            "openSUSE Tumbleweed:libvpx6-32bit-1.10.0-1.3.s390x",
            "openSUSE Tumbleweed:libvpx6-32bit-1.10.0-1.3.x86_64",
            "openSUSE Tumbleweed:vpx-tools-1.10.0-1.3.aarch64",
            "openSUSE Tumbleweed:vpx-tools-1.10.0-1.3.ppc64le",
            "openSUSE Tumbleweed:vpx-tools-1.10.0-1.3.s390x",
            "openSUSE Tumbleweed:vpx-tools-1.10.0-1.3.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-9433"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2019-9433 (GCVE-0-2019-9433)

Solution

Solution

Vulnerability from osv_almalinux

Tags

Sightings

Nomenclature