CVE-2020-0470 (Medium) detected in libaomandroid-11.0.0_r18

Question

CVE-2020-0470 (Medium) detected in libaomandroid-11.0.0_r18

Closed this issue 4 years ago · 0 comments

mend-bolt-for-github commented 4 years ago

CVE-2020-0470 - Medium Severity Vulnerability

Vulnerable Library - libaomandroid-11.0.0_r18

Bug: 139309277

Library home page: https://android.googlesource.com/platform/external/libaom

Found in HEAD commit: 09f9fe81a48aba5671e2234dd4c85040c8c98f1e

Vulnerable Source Files (1)

rollup-mpa/node_modules/create-pwa/node_modules/sharp/vendor/8.10.5/include/aom/aom_integer.h

Vulnerability Details

In extend_frame_highbd of restoration.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11 Android-10Android ID: A-166268541

Publish Date: 2020-12-14

URL: CVE-2020-0470

CVSS 3 Score Details (5.5)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: None
- Availability Impact: None

For more information on CVSS3 Scores, click here.

Step up your Open Source Security Game with WhiteSource here