Description
In vp8_decode_frame of decodeframe.c, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure if error correction were turned on, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1Android ID: A-62458770
References (3)
Core 3
Core References
Vendor Advisory x_refsource_misc
https://source.android.com/security/bulletin/2020-03-01
Mailing List, Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00048.html
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2021/11/msg00024.html
Scores
CVSS v3
7.5
EPSS
0.0451
EPSS Percentile
89.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-125
Status
published
Products (3)
debian/debian_linux
9.0
google/android
8.0
google/android
8.1
Published
Mar 10, 2020
Tracked Since
Feb 18, 2026