Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2020-36135 (GCVE-0-2020-36135)
Vulnerability from cvelistv5
Published
2021-12-02 00:00
Modified
2024-08-04 17:16
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
AOM v2.0.1 was discovered to contain a NULL pointer dereference via the component rate_hist.c.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T17:16:14.036Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://bugs.chromium.org/p/aomedia/issues/detail?id=2910\u0026q=\u0026can=1" }, { "name": "[debian-lts-announce] 20230905 [SECURITY] [DLA 3556-1] aom security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00003.html" }, { "name": "DSA-5490", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2023/dsa-5490" }, { "name": "GLSA-202401-32", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202401-32" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "AOM v2.0.1 was discovered to contain a NULL pointer dereference via the component rate_hist.c." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-01-31T15:06:46.367316", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://bugs.chromium.org/p/aomedia/issues/detail?id=2910\u0026q=\u0026can=1" }, { "name": "[debian-lts-announce] 20230905 [SECURITY] [DLA 3556-1] aom security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00003.html" }, { "name": "DSA-5490", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2023/dsa-5490" }, { "name": "GLSA-202401-32", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202401-32" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-36135", "datePublished": "2021-12-02T00:00:00", "dateReserved": "2021-01-04T00:00:00", "dateUpdated": "2024-08-04T17:16:14.036Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "vulnerability-lookup:meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2020-36135\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2021-12-02T22:15:08.833\",\"lastModified\":\"2024-11-21T05:28:47.347\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"AOM v2.0.1 was discovered to contain a NULL pointer dereference via the component rate_hist.c.\"},{\"lang\":\"es\",\"value\":\"Se ha detectado que AOM versi\u00f3n v2.0.1, contiene una desreferencia de puntero NULL por medio del componente rate_hist.c\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:N/A:P\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-476\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:aomedia:aomedia:2.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EBD7B35F-8B54-4609-8889-05FD5850675C\"}]}]}],\"references\":[{\"url\":\"https://bugs.chromium.org/p/aomedia/issues/detail?id=2910\u0026q=\u0026can=1\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/09/msg00003.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://security.gentoo.org/glsa/202401-32\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://www.debian.org/security/2023/dsa-5490\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://bugs.chromium.org/p/aomedia/issues/detail?id=2910\u0026q=\u0026can=1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/09/msg00003.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.gentoo.org/glsa/202401-32\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.debian.org/security/2023/dsa-5490\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}" } }
ghsa-3mrv-v95f-r4rx
Vulnerability from github
Published
2021-12-03 00:00
Modified
2023-09-06 03:30
Severity ?
VLAI Severity ?
Details
AOM v2.0.1 was discovered to contain a NULL pointer dereference via the component rate_hist.c.
{ "affected": [], "aliases": [ "CVE-2020-36135" ], "database_specific": { "cwe_ids": [ "CWE-476" ], "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2021-12-02T22:15:00Z", "severity": "MODERATE" }, "details": "AOM v2.0.1 was discovered to contain a NULL pointer dereference via the component rate_hist.c.", "id": "GHSA-3mrv-v95f-r4rx", "modified": "2023-09-06T03:30:19Z", "published": "2021-12-03T00:00:26Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36135" }, { "type": "WEB", "url": "https://bugs.chromium.org/p/aomedia/issues/detail?id=2910\u0026q=\u0026can=1" }, { "type": "WEB", "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00003.html" }, { "type": "WEB", "url": "https://security.gentoo.org/glsa/202401-32" }, { "type": "WEB", "url": "https://www.debian.org/security/2023/dsa-5490" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "type": "CVSS_V3" } ] }
suse-su-2021:4170-1
Vulnerability from csaf_suse
Published
2021-12-23 08:54
Modified
2021-12-23 08:54
Summary
Security update for libaom
Notes
Title of the patch
Security update for libaom
Description of the patch
This update for libaom fixes the following issues:
- CVE-2020-36129: Fixed stack buffer overflow via the component src/aom_image.c (bsc#1193356).
- CVE-2020-36131: Fixed stack buffer overflow via the component stats/rate_hist.c (bsc#1193365).
- CVE-2020-36135: Fixed NULL pointer dereference via the component rate_hist.c (bsc#1193366).
- CVE-2020-36130: Fixed NULL pointer dereference via the component av1/av1_dx_iface.c (bsc#1193369).
Patchnames
SUSE-2021-4170,SUSE-SLE-Module-Desktop-Applications-15-SP2-2021-4170,SUSE-SLE-Module-Desktop-Applications-15-SP3-2021-4170
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ "document": { "aggregate_severity": { "namespace": "https://www.suse.com/support/security/rating/", "text": "moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright 2024 SUSE LLC. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Security update for libaom", "title": "Title of the patch" }, { "category": "description", "text": "This update for libaom fixes the following issues:\n\n- CVE-2020-36129: Fixed stack buffer overflow via the component src/aom_image.c (bsc#1193356).\n- CVE-2020-36131: Fixed stack buffer overflow via the component stats/rate_hist.c (bsc#1193365).\n- CVE-2020-36135: Fixed NULL pointer dereference via the component rate_hist.c (bsc#1193366).\n- CVE-2020-36130: Fixed NULL pointer dereference via the component av1/av1_dx_iface.c (bsc#1193369).\n", "title": "Description of the patch" }, { "category": "details", "text": "SUSE-2021-4170,SUSE-SLE-Module-Desktop-Applications-15-SP2-2021-4170,SUSE-SLE-Module-Desktop-Applications-15-SP3-2021-4170", "title": "Patchnames" }, { "category": "legal_disclaimer", "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", "title": "Terms of use" } ], "publisher": { "category": "vendor", "contact_details": "https://www.suse.com/support/security/contact/", "name": "SUSE Product Security Team", "namespace": "https://www.suse.com/" }, "references": [ { "category": "external", "summary": "SUSE ratings", "url": "https://www.suse.com/support/security/rating/" }, { "category": "self", "summary": "URL of this CSAF notice", "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2021_4170-1.json" }, { "category": "self", "summary": "URL for SUSE-SU-2021:4170-1", "url": "https://www.suse.com/support/update/announcement/2021/suse-su-20214170-1/" }, { "category": "self", "summary": "E-Mail link for SUSE-SU-2021:4170-1", "url": "https://lists.suse.com/pipermail/sle-security-updates/2021-December/009940.html" }, { "category": "self", "summary": "SUSE Bug 1193356", "url": "https://bugzilla.suse.com/1193356" }, { "category": "self", "summary": "SUSE Bug 1193365", "url": "https://bugzilla.suse.com/1193365" }, { "category": "self", "summary": "SUSE Bug 1193366", "url": "https://bugzilla.suse.com/1193366" }, { "category": "self", "summary": "SUSE Bug 1193369", "url": "https://bugzilla.suse.com/1193369" }, { "category": "self", "summary": "SUSE CVE CVE-2020-36129 page", "url": "https://www.suse.com/security/cve/CVE-2020-36129/" }, { "category": "self", "summary": "SUSE CVE CVE-2020-36130 page", "url": "https://www.suse.com/security/cve/CVE-2020-36130/" }, { "category": "self", "summary": "SUSE CVE CVE-2020-36131 page", "url": "https://www.suse.com/security/cve/CVE-2020-36131/" }, { "category": "self", "summary": "SUSE CVE CVE-2020-36135 page", "url": "https://www.suse.com/security/cve/CVE-2020-36135/" } ], "title": "Security update for libaom", "tracking": { "current_release_date": "2021-12-23T08:54:03Z", "generator": { "date": "2021-12-23T08:54:03Z", "engine": { "name": "cve-database.git:bin/generate-csaf.pl", "version": "1" } }, "id": "SUSE-SU-2021:4170-1", "initial_release_date": "2021-12-23T08:54:03Z", "revision_history": [ { "date": "2021-12-23T08:54:03Z", "number": "1", "summary": "Current version" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version", "name": "aom-tools-1.0.0-3.9.1.aarch64", "product": { "name": "aom-tools-1.0.0-3.9.1.aarch64", "product_id": "aom-tools-1.0.0-3.9.1.aarch64" } }, { "category": "product_version", "name": "libaom-devel-1.0.0-3.9.1.aarch64", "product": { "name": "libaom-devel-1.0.0-3.9.1.aarch64", "product_id": "libaom-devel-1.0.0-3.9.1.aarch64" } }, { "category": "product_version", "name": "libaom0-1.0.0-3.9.1.aarch64", "product": { "name": "libaom0-1.0.0-3.9.1.aarch64", "product_id": "libaom0-1.0.0-3.9.1.aarch64" } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "libaom0-64bit-1.0.0-3.9.1.aarch64_ilp32", "product": { "name": "libaom0-64bit-1.0.0-3.9.1.aarch64_ilp32", "product_id": "libaom0-64bit-1.0.0-3.9.1.aarch64_ilp32" } } ], "category": "architecture", "name": "aarch64_ilp32" }, { "branches": [ { "category": "product_version", "name": "aom-tools-1.0.0-3.9.1.i586", "product": { "name": "aom-tools-1.0.0-3.9.1.i586", "product_id": "aom-tools-1.0.0-3.9.1.i586" } }, { "category": "product_version", "name": "libaom-devel-1.0.0-3.9.1.i586", "product": { "name": "libaom-devel-1.0.0-3.9.1.i586", "product_id": "libaom-devel-1.0.0-3.9.1.i586" } }, { "category": "product_version", "name": "libaom0-1.0.0-3.9.1.i586", "product": { "name": "libaom0-1.0.0-3.9.1.i586", "product_id": "libaom0-1.0.0-3.9.1.i586" } } ], "category": "architecture", "name": "i586" }, { "branches": [ { "category": "product_version", "name": "libaom-devel-doc-1.0.0-3.9.1.noarch", "product": { "name": "libaom-devel-doc-1.0.0-3.9.1.noarch", "product_id": "libaom-devel-doc-1.0.0-3.9.1.noarch" } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "aom-tools-1.0.0-3.9.1.ppc64le", "product": { "name": "aom-tools-1.0.0-3.9.1.ppc64le", "product_id": "aom-tools-1.0.0-3.9.1.ppc64le" } }, { "category": "product_version", "name": "libaom-devel-1.0.0-3.9.1.ppc64le", "product": { "name": "libaom-devel-1.0.0-3.9.1.ppc64le", "product_id": "libaom-devel-1.0.0-3.9.1.ppc64le" } }, { "category": "product_version", "name": "libaom0-1.0.0-3.9.1.ppc64le", "product": { "name": "libaom0-1.0.0-3.9.1.ppc64le", "product_id": "libaom0-1.0.0-3.9.1.ppc64le" } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "aom-tools-1.0.0-3.9.1.s390x", "product": { "name": "aom-tools-1.0.0-3.9.1.s390x", "product_id": "aom-tools-1.0.0-3.9.1.s390x" } }, { "category": "product_version", "name": "libaom-devel-1.0.0-3.9.1.s390x", "product": { "name": "libaom-devel-1.0.0-3.9.1.s390x", "product_id": "libaom-devel-1.0.0-3.9.1.s390x" } }, { "category": "product_version", "name": "libaom0-1.0.0-3.9.1.s390x", "product": { "name": "libaom0-1.0.0-3.9.1.s390x", "product_id": "libaom0-1.0.0-3.9.1.s390x" } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "aom-tools-1.0.0-3.9.1.x86_64", "product": { "name": "aom-tools-1.0.0-3.9.1.x86_64", "product_id": "aom-tools-1.0.0-3.9.1.x86_64" } }, { "category": "product_version", "name": "libaom-devel-1.0.0-3.9.1.x86_64", "product": { "name": "libaom-devel-1.0.0-3.9.1.x86_64", "product_id": "libaom-devel-1.0.0-3.9.1.x86_64" } }, { "category": "product_version", "name": "libaom0-1.0.0-3.9.1.x86_64", "product": { "name": "libaom0-1.0.0-3.9.1.x86_64", "product_id": "libaom0-1.0.0-3.9.1.x86_64" } }, { "category": "product_version", "name": "libaom0-32bit-1.0.0-3.9.1.x86_64", "product": { "name": "libaom0-32bit-1.0.0-3.9.1.x86_64", "product_id": "libaom0-32bit-1.0.0-3.9.1.x86_64" } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_name", "name": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2", "product": { "name": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2", "product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2", "product_identification_helper": { "cpe": "cpe:/o:suse:sle-module-desktop-applications:15:sp2" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise Module for Desktop Applications 15 SP3", "product": { "name": "SUSE Linux Enterprise Module for Desktop Applications 15 SP3", "product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP3", "product_identification_helper": { "cpe": "cpe:/o:suse:sle-module-desktop-applications:15:sp3" } } } ], "category": "product_family", "name": "SUSE Linux Enterprise" } ], "category": "vendor", "name": "SUSE" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "libaom0-1.0.0-3.9.1.aarch64 as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP2", "product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libaom0-1.0.0-3.9.1.aarch64" }, "product_reference": "libaom0-1.0.0-3.9.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2" }, { "category": "default_component_of", "full_product_name": { "name": "libaom0-1.0.0-3.9.1.ppc64le as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP2", "product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libaom0-1.0.0-3.9.1.ppc64le" }, "product_reference": "libaom0-1.0.0-3.9.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2" }, { "category": "default_component_of", "full_product_name": { "name": "libaom0-1.0.0-3.9.1.s390x as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP2", "product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libaom0-1.0.0-3.9.1.s390x" }, "product_reference": "libaom0-1.0.0-3.9.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2" }, { "category": "default_component_of", "full_product_name": { "name": "libaom0-1.0.0-3.9.1.x86_64 as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP2", "product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libaom0-1.0.0-3.9.1.x86_64" }, "product_reference": "libaom0-1.0.0-3.9.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2" }, { "category": "default_component_of", "full_product_name": { "name": "libaom0-1.0.0-3.9.1.aarch64 as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP3", "product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP3:libaom0-1.0.0-3.9.1.aarch64" }, "product_reference": "libaom0-1.0.0-3.9.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP3" }, { "category": "default_component_of", "full_product_name": { "name": "libaom0-1.0.0-3.9.1.ppc64le as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP3", "product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP3:libaom0-1.0.0-3.9.1.ppc64le" }, "product_reference": "libaom0-1.0.0-3.9.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP3" }, { "category": "default_component_of", "full_product_name": { "name": "libaom0-1.0.0-3.9.1.s390x as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP3", "product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP3:libaom0-1.0.0-3.9.1.s390x" }, "product_reference": "libaom0-1.0.0-3.9.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP3" }, { "category": "default_component_of", "full_product_name": { "name": "libaom0-1.0.0-3.9.1.x86_64 as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP3", "product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP3:libaom0-1.0.0-3.9.1.x86_64" }, "product_reference": "libaom0-1.0.0-3.9.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP3" } ] }, "vulnerabilities": [ { "cve": "CVE-2020-36129", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2020-36129" } ], "notes": [ { "category": "general", "text": "AOM v2.0.1 was discovered to contain a stack buffer overflow via the component src/aom_image.c.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libaom0-1.0.0-3.9.1.aarch64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libaom0-1.0.0-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libaom0-1.0.0-3.9.1.s390x", "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libaom0-1.0.0-3.9.1.x86_64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP3:libaom0-1.0.0-3.9.1.aarch64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP3:libaom0-1.0.0-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Desktop Applications 15 SP3:libaom0-1.0.0-3.9.1.s390x", "SUSE Linux Enterprise Module for Desktop Applications 15 SP3:libaom0-1.0.0-3.9.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2020-36129", "url": "https://www.suse.com/security/cve/CVE-2020-36129" }, { "category": "external", "summary": "SUSE Bug 1193356 for CVE-2020-36129", "url": "https://bugzilla.suse.com/1193356" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libaom0-1.0.0-3.9.1.aarch64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libaom0-1.0.0-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libaom0-1.0.0-3.9.1.s390x", "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libaom0-1.0.0-3.9.1.x86_64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP3:libaom0-1.0.0-3.9.1.aarch64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP3:libaom0-1.0.0-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Desktop Applications 15 SP3:libaom0-1.0.0-3.9.1.s390x", "SUSE Linux Enterprise Module for Desktop Applications 15 SP3:libaom0-1.0.0-3.9.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libaom0-1.0.0-3.9.1.aarch64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libaom0-1.0.0-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libaom0-1.0.0-3.9.1.s390x", "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libaom0-1.0.0-3.9.1.x86_64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP3:libaom0-1.0.0-3.9.1.aarch64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP3:libaom0-1.0.0-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Desktop Applications 15 SP3:libaom0-1.0.0-3.9.1.s390x", "SUSE Linux Enterprise Module for Desktop Applications 15 SP3:libaom0-1.0.0-3.9.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2021-12-23T08:54:03Z", "details": "moderate" } ], "title": "CVE-2020-36129" }, { "cve": "CVE-2020-36130", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2020-36130" } ], "notes": [ { "category": "general", "text": "AOM v2.0.1 was discovered to contain a NULL pointer dereference via the component av1/av1_dx_iface.c.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libaom0-1.0.0-3.9.1.aarch64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libaom0-1.0.0-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libaom0-1.0.0-3.9.1.s390x", "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libaom0-1.0.0-3.9.1.x86_64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP3:libaom0-1.0.0-3.9.1.aarch64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP3:libaom0-1.0.0-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Desktop Applications 15 SP3:libaom0-1.0.0-3.9.1.s390x", "SUSE Linux Enterprise Module for Desktop Applications 15 SP3:libaom0-1.0.0-3.9.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2020-36130", "url": "https://www.suse.com/security/cve/CVE-2020-36130" }, { "category": "external", "summary": "SUSE Bug 1193369 for CVE-2020-36130", "url": "https://bugzilla.suse.com/1193369" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libaom0-1.0.0-3.9.1.aarch64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libaom0-1.0.0-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libaom0-1.0.0-3.9.1.s390x", "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libaom0-1.0.0-3.9.1.x86_64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP3:libaom0-1.0.0-3.9.1.aarch64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP3:libaom0-1.0.0-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Desktop Applications 15 SP3:libaom0-1.0.0-3.9.1.s390x", "SUSE Linux Enterprise Module for Desktop Applications 15 SP3:libaom0-1.0.0-3.9.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libaom0-1.0.0-3.9.1.aarch64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libaom0-1.0.0-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libaom0-1.0.0-3.9.1.s390x", "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libaom0-1.0.0-3.9.1.x86_64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP3:libaom0-1.0.0-3.9.1.aarch64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP3:libaom0-1.0.0-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Desktop Applications 15 SP3:libaom0-1.0.0-3.9.1.s390x", "SUSE Linux Enterprise Module for Desktop Applications 15 SP3:libaom0-1.0.0-3.9.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2021-12-23T08:54:03Z", "details": "moderate" } ], "title": "CVE-2020-36130" }, { "cve": "CVE-2020-36131", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2020-36131" } ], "notes": [ { "category": "general", "text": "AOM v2.0.1 was discovered to contain a stack buffer overflow via the component stats/rate_hist.c.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libaom0-1.0.0-3.9.1.aarch64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libaom0-1.0.0-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libaom0-1.0.0-3.9.1.s390x", "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libaom0-1.0.0-3.9.1.x86_64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP3:libaom0-1.0.0-3.9.1.aarch64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP3:libaom0-1.0.0-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Desktop Applications 15 SP3:libaom0-1.0.0-3.9.1.s390x", "SUSE Linux Enterprise Module for Desktop Applications 15 SP3:libaom0-1.0.0-3.9.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2020-36131", "url": "https://www.suse.com/security/cve/CVE-2020-36131" }, { "category": "external", "summary": "SUSE Bug 1193365 for CVE-2020-36131", "url": "https://bugzilla.suse.com/1193365" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libaom0-1.0.0-3.9.1.aarch64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libaom0-1.0.0-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libaom0-1.0.0-3.9.1.s390x", "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libaom0-1.0.0-3.9.1.x86_64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP3:libaom0-1.0.0-3.9.1.aarch64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP3:libaom0-1.0.0-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Desktop Applications 15 SP3:libaom0-1.0.0-3.9.1.s390x", "SUSE Linux Enterprise Module for Desktop Applications 15 SP3:libaom0-1.0.0-3.9.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libaom0-1.0.0-3.9.1.aarch64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libaom0-1.0.0-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libaom0-1.0.0-3.9.1.s390x", "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libaom0-1.0.0-3.9.1.x86_64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP3:libaom0-1.0.0-3.9.1.aarch64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP3:libaom0-1.0.0-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Desktop Applications 15 SP3:libaom0-1.0.0-3.9.1.s390x", "SUSE Linux Enterprise Module for Desktop Applications 15 SP3:libaom0-1.0.0-3.9.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2021-12-23T08:54:03Z", "details": "moderate" } ], "title": "CVE-2020-36131" }, { "cve": "CVE-2020-36135", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2020-36135" } ], "notes": [ { "category": "general", "text": "AOM v2.0.1 was discovered to contain a NULL pointer dereference via the component rate_hist.c.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libaom0-1.0.0-3.9.1.aarch64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libaom0-1.0.0-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libaom0-1.0.0-3.9.1.s390x", "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libaom0-1.0.0-3.9.1.x86_64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP3:libaom0-1.0.0-3.9.1.aarch64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP3:libaom0-1.0.0-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Desktop Applications 15 SP3:libaom0-1.0.0-3.9.1.s390x", "SUSE Linux Enterprise Module for Desktop Applications 15 SP3:libaom0-1.0.0-3.9.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2020-36135", "url": "https://www.suse.com/security/cve/CVE-2020-36135" }, { "category": "external", "summary": "SUSE Bug 1193366 for CVE-2020-36135", "url": "https://bugzilla.suse.com/1193366" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libaom0-1.0.0-3.9.1.aarch64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libaom0-1.0.0-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libaom0-1.0.0-3.9.1.s390x", "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libaom0-1.0.0-3.9.1.x86_64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP3:libaom0-1.0.0-3.9.1.aarch64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP3:libaom0-1.0.0-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Desktop Applications 15 SP3:libaom0-1.0.0-3.9.1.s390x", "SUSE Linux Enterprise Module for Desktop Applications 15 SP3:libaom0-1.0.0-3.9.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libaom0-1.0.0-3.9.1.aarch64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libaom0-1.0.0-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libaom0-1.0.0-3.9.1.s390x", "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libaom0-1.0.0-3.9.1.x86_64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP3:libaom0-1.0.0-3.9.1.aarch64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP3:libaom0-1.0.0-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Desktop Applications 15 SP3:libaom0-1.0.0-3.9.1.s390x", "SUSE Linux Enterprise Module for Desktop Applications 15 SP3:libaom0-1.0.0-3.9.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2021-12-23T08:54:03Z", "details": "moderate" } ], "title": "CVE-2020-36135" } ] }
fkie_cve-2020-36135
Vulnerability from fkie_nvd
Published
2021-12-02 22:15
Modified
2024-11-21 05:28
Severity ?
Summary
AOM v2.0.1 was discovered to contain a NULL pointer dereference via the component rate_hist.c.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:aomedia:aomedia:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "EBD7B35F-8B54-4609-8889-05FD5850675C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "AOM v2.0.1 was discovered to contain a NULL pointer dereference via the component rate_hist.c." }, { "lang": "es", "value": "Se ha detectado que AOM versi\u00f3n v2.0.1, contiene una desreferencia de puntero NULL por medio del componente rate_hist.c" } ], "id": "CVE-2020-36135", "lastModified": "2024-11-21T05:28:47.347", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-12-02T22:15:08.833", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://bugs.chromium.org/p/aomedia/issues/detail?id=2910\u0026q=\u0026can=1" }, { "source": "cve@mitre.org", "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00003.html" }, { "source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/202401-32" }, { "source": "cve@mitre.org", "url": "https://www.debian.org/security/2023/dsa-5490" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://bugs.chromium.org/p/aomedia/issues/detail?id=2910\u0026q=\u0026can=1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00003.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/202401-32" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.debian.org/security/2023/dsa-5490" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-476" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
cnvd-2021-95218
Vulnerability from cnvd
Title: AOM空指针解引用漏洞
Description:
Aom是美国开放媒体联盟(Alliance For Open Media)组织的一种面向所有人的下一代开源数字媒体技术。
AOM 2.0.1版本存在空指针解引用漏洞,该漏洞源于组件rate_hist.c存在取消引用的NULL指针。目前没有详细漏洞细节提供。
Severity: 中
Patch Name: AOM空指针解引用漏洞的补丁
Patch Description:
Aom是美国开放媒体联盟(Alliance For Open Media)组织的一种面向所有人的下一代开源数字媒体技术。
AOM 2.0.1版本存在空指针解引用漏洞,该漏洞源于组件rate_hist.c存在取消引用的NULL指针。目前没有详细漏洞细节提供。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description:
厂商已发布了漏洞修复程序,请及时关注更新: https://bugs.chromium.org/p/aomedia/issues/detail?id=2910&q=&can=1
Reference: https://bugs.chromium.org/p/aomedia/issues/detail?id=2910&q=&can=1
Impacted products
Name | Alliance For Open Media AOM 2.0.1 |
---|
{ "cves": { "cve": { "cveNumber": "CVE-2020-36135" } }, "description": "Aom\u662f\u7f8e\u56fd\u5f00\u653e\u5a92\u4f53\u8054\u76df\uff08Alliance For Open Media\uff09\u7ec4\u7ec7\u7684\u4e00\u79cd\u9762\u5411\u6240\u6709\u4eba\u7684\u4e0b\u4e00\u4ee3\u5f00\u6e90\u6570\u5b57\u5a92\u4f53\u6280\u672f\u3002\n\nAOM 2.0.1\u7248\u672c\u5b58\u5728\u7a7a\u6307\u9488\u89e3\u5f15\u7528\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7ec4\u4ef6rate_hist.c\u5b58\u5728\u53d6\u6d88\u5f15\u7528\u7684NULL\u6307\u9488\u3002\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002", "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://bugs.chromium.org/p/aomedia/issues/detail?id=2910\u0026q=\u0026can=1", "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e", "number": "CNVD-2021-95218", "openTime": "2021-12-08", "patchDescription": "Aom\u662f\u7f8e\u56fd\u5f00\u653e\u5a92\u4f53\u8054\u76df\uff08Alliance For Open Media\uff09\u7ec4\u7ec7\u7684\u4e00\u79cd\u9762\u5411\u6240\u6709\u4eba\u7684\u4e0b\u4e00\u4ee3\u5f00\u6e90\u6570\u5b57\u5a92\u4f53\u6280\u672f\u3002\r\n\r\nAOM 2.0.1\u7248\u672c\u5b58\u5728\u7a7a\u6307\u9488\u89e3\u5f15\u7528\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7ec4\u4ef6rate_hist.c\u5b58\u5728\u53d6\u6d88\u5f15\u7528\u7684NULL\u6307\u9488\u3002\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002", "patchName": "AOM\u7a7a\u6307\u9488\u89e3\u5f15\u7528\u6f0f\u6d1e\u7684\u8865\u4e01", "products": { "product": "Alliance For Open Media AOM 2.0.1" }, "referenceLink": "https://bugs.chromium.org/p/aomedia/issues/detail?id=2910\u0026q=\u0026can=1", "serverity": "\u4e2d", "submitTime": "2021-12-06", "title": "AOM\u7a7a\u6307\u9488\u89e3\u5f15\u7528\u6f0f\u6d1e" }
opensuse-su-2021:1624-1
Vulnerability from csaf_opensuse
Published
2021-12-26 13:06
Modified
2021-12-26 13:06
Summary
Security update for libaom
Notes
Title of the patch
Security update for libaom
Description of the patch
This update for libaom fixes the following issues:
- CVE-2020-36129: Fixed stack buffer overflow via the component src/aom_image.c (bsc#1193356).
- CVE-2020-36131: Fixed stack buffer overflow via the component stats/rate_hist.c (bsc#1193365).
- CVE-2020-36135: Fixed NULL pointer dereference via the component rate_hist.c (bsc#1193366).
- CVE-2020-36130: Fixed NULL pointer dereference via the component av1/av1_dx_iface.c (bsc#1193369).
This update was imported from the SUSE:SLE-15-SP2:Update update project.
Patchnames
openSUSE-2021-1624
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ "document": { "aggregate_severity": { "namespace": "https://www.suse.com/support/security/rating/", "text": "moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright 2024 SUSE LLC. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Security update for libaom", "title": "Title of the patch" }, { "category": "description", "text": "This update for libaom fixes the following issues:\n\n- CVE-2020-36129: Fixed stack buffer overflow via the component src/aom_image.c (bsc#1193356).\n- CVE-2020-36131: Fixed stack buffer overflow via the component stats/rate_hist.c (bsc#1193365).\n- CVE-2020-36135: Fixed NULL pointer dereference via the component rate_hist.c (bsc#1193366).\n- CVE-2020-36130: Fixed NULL pointer dereference via the component av1/av1_dx_iface.c (bsc#1193369).\n\nThis update was imported from the SUSE:SLE-15-SP2:Update update project.", "title": "Description of the patch" }, { "category": "details", "text": "openSUSE-2021-1624", "title": "Patchnames" }, { "category": "legal_disclaimer", "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", "title": "Terms of use" } ], "publisher": { "category": "vendor", "contact_details": "https://www.suse.com/support/security/contact/", "name": "SUSE Product Security Team", "namespace": "https://www.suse.com/" }, "references": [ { "category": "external", "summary": "SUSE ratings", "url": "https://www.suse.com/support/security/rating/" }, { "category": "self", "summary": "URL of this CSAF notice", "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2021_1624-1.json" }, { "category": "self", "summary": "URL for openSUSE-SU-2021:1624-1", "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/KMK3AKW3Y2J574OXHVFX4QFELTEHM6MR/" }, { "category": "self", "summary": "E-Mail link for openSUSE-SU-2021:1624-1", "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/KMK3AKW3Y2J574OXHVFX4QFELTEHM6MR/" }, { "category": "self", "summary": "SUSE Bug 1193356", "url": "https://bugzilla.suse.com/1193356" }, { "category": "self", "summary": "SUSE Bug 1193365", "url": "https://bugzilla.suse.com/1193365" }, { "category": "self", "summary": "SUSE Bug 1193366", "url": "https://bugzilla.suse.com/1193366" }, { "category": "self", "summary": "SUSE Bug 1193369", "url": "https://bugzilla.suse.com/1193369" }, { "category": "self", "summary": "SUSE CVE CVE-2020-36129 page", "url": "https://www.suse.com/security/cve/CVE-2020-36129/" }, { "category": "self", "summary": "SUSE CVE CVE-2020-36130 page", "url": "https://www.suse.com/security/cve/CVE-2020-36130/" }, { "category": "self", "summary": "SUSE CVE CVE-2020-36131 page", "url": "https://www.suse.com/security/cve/CVE-2020-36131/" }, { "category": "self", "summary": "SUSE CVE CVE-2020-36135 page", "url": "https://www.suse.com/security/cve/CVE-2020-36135/" } ], "title": "Security update for libaom", "tracking": { "current_release_date": "2021-12-26T13:06:14Z", "generator": { "date": "2021-12-26T13:06:14Z", "engine": { "name": "cve-database.git:bin/generate-csaf.pl", "version": "1" } }, "id": "openSUSE-SU-2021:1624-1", "initial_release_date": "2021-12-26T13:06:14Z", "revision_history": [ { "date": "2021-12-26T13:06:14Z", "number": "1", "summary": "Current version" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version", "name": "aom-tools-1.0.0-lp152.3.9.1.i586", "product": { "name": "aom-tools-1.0.0-lp152.3.9.1.i586", "product_id": "aom-tools-1.0.0-lp152.3.9.1.i586" } }, { "category": "product_version", "name": "libaom-devel-1.0.0-lp152.3.9.1.i586", "product": { "name": "libaom-devel-1.0.0-lp152.3.9.1.i586", "product_id": "libaom-devel-1.0.0-lp152.3.9.1.i586" } }, { "category": "product_version", "name": "libaom0-1.0.0-lp152.3.9.1.i586", "product": { "name": "libaom0-1.0.0-lp152.3.9.1.i586", "product_id": "libaom0-1.0.0-lp152.3.9.1.i586" } } ], "category": "architecture", "name": "i586" }, { "branches": [ { "category": "product_version", "name": "libaom-devel-doc-1.0.0-lp152.3.9.1.noarch", "product": { "name": "libaom-devel-doc-1.0.0-lp152.3.9.1.noarch", "product_id": "libaom-devel-doc-1.0.0-lp152.3.9.1.noarch" } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "aom-tools-1.0.0-lp152.3.9.1.x86_64", "product": { "name": "aom-tools-1.0.0-lp152.3.9.1.x86_64", "product_id": "aom-tools-1.0.0-lp152.3.9.1.x86_64" } }, { "category": "product_version", "name": "libaom-devel-1.0.0-lp152.3.9.1.x86_64", "product": { "name": "libaom-devel-1.0.0-lp152.3.9.1.x86_64", "product_id": "libaom-devel-1.0.0-lp152.3.9.1.x86_64" } }, { "category": "product_version", "name": "libaom0-1.0.0-lp152.3.9.1.x86_64", "product": { "name": "libaom0-1.0.0-lp152.3.9.1.x86_64", "product_id": "libaom0-1.0.0-lp152.3.9.1.x86_64" } }, { "category": "product_version", "name": "libaom0-32bit-1.0.0-lp152.3.9.1.x86_64", "product": { "name": "libaom0-32bit-1.0.0-lp152.3.9.1.x86_64", "product_id": "libaom0-32bit-1.0.0-lp152.3.9.1.x86_64" } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_name", "name": "openSUSE Leap 15.2", "product": { "name": "openSUSE Leap 15.2", "product_id": "openSUSE Leap 15.2", "product_identification_helper": { "cpe": "cpe:/o:opensuse:leap:15.2" } } } ], "category": "product_family", "name": "SUSE Linux Enterprise" } ], "category": "vendor", "name": "SUSE" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "aom-tools-1.0.0-lp152.3.9.1.i586 as component of openSUSE Leap 15.2", "product_id": "openSUSE Leap 15.2:aom-tools-1.0.0-lp152.3.9.1.i586" }, "product_reference": "aom-tools-1.0.0-lp152.3.9.1.i586", "relates_to_product_reference": "openSUSE Leap 15.2" }, { "category": "default_component_of", "full_product_name": { "name": "aom-tools-1.0.0-lp152.3.9.1.x86_64 as component of openSUSE Leap 15.2", "product_id": "openSUSE Leap 15.2:aom-tools-1.0.0-lp152.3.9.1.x86_64" }, "product_reference": "aom-tools-1.0.0-lp152.3.9.1.x86_64", "relates_to_product_reference": "openSUSE Leap 15.2" }, { "category": "default_component_of", "full_product_name": { "name": "libaom-devel-1.0.0-lp152.3.9.1.i586 as component of openSUSE Leap 15.2", "product_id": "openSUSE Leap 15.2:libaom-devel-1.0.0-lp152.3.9.1.i586" }, "product_reference": "libaom-devel-1.0.0-lp152.3.9.1.i586", "relates_to_product_reference": "openSUSE Leap 15.2" }, { "category": "default_component_of", "full_product_name": { "name": "libaom-devel-1.0.0-lp152.3.9.1.x86_64 as component of openSUSE Leap 15.2", "product_id": "openSUSE Leap 15.2:libaom-devel-1.0.0-lp152.3.9.1.x86_64" }, "product_reference": "libaom-devel-1.0.0-lp152.3.9.1.x86_64", "relates_to_product_reference": "openSUSE Leap 15.2" }, { "category": "default_component_of", "full_product_name": { "name": "libaom-devel-doc-1.0.0-lp152.3.9.1.noarch as component of openSUSE Leap 15.2", "product_id": "openSUSE Leap 15.2:libaom-devel-doc-1.0.0-lp152.3.9.1.noarch" }, "product_reference": "libaom-devel-doc-1.0.0-lp152.3.9.1.noarch", "relates_to_product_reference": "openSUSE Leap 15.2" }, { "category": "default_component_of", "full_product_name": { "name": "libaom0-1.0.0-lp152.3.9.1.i586 as component of openSUSE Leap 15.2", "product_id": "openSUSE Leap 15.2:libaom0-1.0.0-lp152.3.9.1.i586" }, "product_reference": "libaom0-1.0.0-lp152.3.9.1.i586", "relates_to_product_reference": "openSUSE Leap 15.2" }, { "category": "default_component_of", "full_product_name": { "name": "libaom0-1.0.0-lp152.3.9.1.x86_64 as component of openSUSE Leap 15.2", "product_id": "openSUSE Leap 15.2:libaom0-1.0.0-lp152.3.9.1.x86_64" }, "product_reference": "libaom0-1.0.0-lp152.3.9.1.x86_64", "relates_to_product_reference": "openSUSE Leap 15.2" }, { "category": "default_component_of", "full_product_name": { "name": "libaom0-32bit-1.0.0-lp152.3.9.1.x86_64 as component of openSUSE Leap 15.2", "product_id": "openSUSE Leap 15.2:libaom0-32bit-1.0.0-lp152.3.9.1.x86_64" }, "product_reference": "libaom0-32bit-1.0.0-lp152.3.9.1.x86_64", "relates_to_product_reference": "openSUSE Leap 15.2" } ] }, "vulnerabilities": [ { "cve": "CVE-2020-36129", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2020-36129" } ], "notes": [ { "category": "general", "text": "AOM v2.0.1 was discovered to contain a stack buffer overflow via the component src/aom_image.c.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Leap 15.2:aom-tools-1.0.0-lp152.3.9.1.i586", "openSUSE Leap 15.2:aom-tools-1.0.0-lp152.3.9.1.x86_64", "openSUSE Leap 15.2:libaom-devel-1.0.0-lp152.3.9.1.i586", "openSUSE Leap 15.2:libaom-devel-1.0.0-lp152.3.9.1.x86_64", "openSUSE Leap 15.2:libaom-devel-doc-1.0.0-lp152.3.9.1.noarch", "openSUSE Leap 15.2:libaom0-1.0.0-lp152.3.9.1.i586", "openSUSE Leap 15.2:libaom0-1.0.0-lp152.3.9.1.x86_64", "openSUSE Leap 15.2:libaom0-32bit-1.0.0-lp152.3.9.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2020-36129", "url": "https://www.suse.com/security/cve/CVE-2020-36129" }, { "category": "external", "summary": "SUSE Bug 1193356 for CVE-2020-36129", "url": "https://bugzilla.suse.com/1193356" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Leap 15.2:aom-tools-1.0.0-lp152.3.9.1.i586", "openSUSE Leap 15.2:aom-tools-1.0.0-lp152.3.9.1.x86_64", "openSUSE Leap 15.2:libaom-devel-1.0.0-lp152.3.9.1.i586", "openSUSE Leap 15.2:libaom-devel-1.0.0-lp152.3.9.1.x86_64", "openSUSE Leap 15.2:libaom-devel-doc-1.0.0-lp152.3.9.1.noarch", "openSUSE Leap 15.2:libaom0-1.0.0-lp152.3.9.1.i586", "openSUSE Leap 15.2:libaom0-1.0.0-lp152.3.9.1.x86_64", "openSUSE Leap 15.2:libaom0-32bit-1.0.0-lp152.3.9.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "openSUSE Leap 15.2:aom-tools-1.0.0-lp152.3.9.1.i586", "openSUSE Leap 15.2:aom-tools-1.0.0-lp152.3.9.1.x86_64", "openSUSE Leap 15.2:libaom-devel-1.0.0-lp152.3.9.1.i586", "openSUSE Leap 15.2:libaom-devel-1.0.0-lp152.3.9.1.x86_64", "openSUSE Leap 15.2:libaom-devel-doc-1.0.0-lp152.3.9.1.noarch", "openSUSE Leap 15.2:libaom0-1.0.0-lp152.3.9.1.i586", "openSUSE Leap 15.2:libaom0-1.0.0-lp152.3.9.1.x86_64", "openSUSE Leap 15.2:libaom0-32bit-1.0.0-lp152.3.9.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2021-12-26T13:06:14Z", "details": "moderate" } ], "title": "CVE-2020-36129" }, { "cve": "CVE-2020-36130", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2020-36130" } ], "notes": [ { "category": "general", "text": "AOM v2.0.1 was discovered to contain a NULL pointer dereference via the component av1/av1_dx_iface.c.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Leap 15.2:aom-tools-1.0.0-lp152.3.9.1.i586", "openSUSE Leap 15.2:aom-tools-1.0.0-lp152.3.9.1.x86_64", "openSUSE Leap 15.2:libaom-devel-1.0.0-lp152.3.9.1.i586", "openSUSE Leap 15.2:libaom-devel-1.0.0-lp152.3.9.1.x86_64", "openSUSE Leap 15.2:libaom-devel-doc-1.0.0-lp152.3.9.1.noarch", "openSUSE Leap 15.2:libaom0-1.0.0-lp152.3.9.1.i586", "openSUSE Leap 15.2:libaom0-1.0.0-lp152.3.9.1.x86_64", "openSUSE Leap 15.2:libaom0-32bit-1.0.0-lp152.3.9.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2020-36130", "url": "https://www.suse.com/security/cve/CVE-2020-36130" }, { "category": "external", "summary": "SUSE Bug 1193369 for CVE-2020-36130", "url": "https://bugzilla.suse.com/1193369" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Leap 15.2:aom-tools-1.0.0-lp152.3.9.1.i586", "openSUSE Leap 15.2:aom-tools-1.0.0-lp152.3.9.1.x86_64", "openSUSE Leap 15.2:libaom-devel-1.0.0-lp152.3.9.1.i586", "openSUSE Leap 15.2:libaom-devel-1.0.0-lp152.3.9.1.x86_64", "openSUSE Leap 15.2:libaom-devel-doc-1.0.0-lp152.3.9.1.noarch", "openSUSE Leap 15.2:libaom0-1.0.0-lp152.3.9.1.i586", "openSUSE Leap 15.2:libaom0-1.0.0-lp152.3.9.1.x86_64", "openSUSE Leap 15.2:libaom0-32bit-1.0.0-lp152.3.9.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "openSUSE Leap 15.2:aom-tools-1.0.0-lp152.3.9.1.i586", "openSUSE Leap 15.2:aom-tools-1.0.0-lp152.3.9.1.x86_64", "openSUSE Leap 15.2:libaom-devel-1.0.0-lp152.3.9.1.i586", "openSUSE Leap 15.2:libaom-devel-1.0.0-lp152.3.9.1.x86_64", "openSUSE Leap 15.2:libaom-devel-doc-1.0.0-lp152.3.9.1.noarch", "openSUSE Leap 15.2:libaom0-1.0.0-lp152.3.9.1.i586", "openSUSE Leap 15.2:libaom0-1.0.0-lp152.3.9.1.x86_64", "openSUSE Leap 15.2:libaom0-32bit-1.0.0-lp152.3.9.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2021-12-26T13:06:14Z", "details": "moderate" } ], "title": "CVE-2020-36130" }, { "cve": "CVE-2020-36131", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2020-36131" } ], "notes": [ { "category": "general", "text": "AOM v2.0.1 was discovered to contain a stack buffer overflow via the component stats/rate_hist.c.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Leap 15.2:aom-tools-1.0.0-lp152.3.9.1.i586", "openSUSE Leap 15.2:aom-tools-1.0.0-lp152.3.9.1.x86_64", "openSUSE Leap 15.2:libaom-devel-1.0.0-lp152.3.9.1.i586", "openSUSE Leap 15.2:libaom-devel-1.0.0-lp152.3.9.1.x86_64", "openSUSE Leap 15.2:libaom-devel-doc-1.0.0-lp152.3.9.1.noarch", "openSUSE Leap 15.2:libaom0-1.0.0-lp152.3.9.1.i586", "openSUSE Leap 15.2:libaom0-1.0.0-lp152.3.9.1.x86_64", "openSUSE Leap 15.2:libaom0-32bit-1.0.0-lp152.3.9.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2020-36131", "url": "https://www.suse.com/security/cve/CVE-2020-36131" }, { "category": "external", "summary": "SUSE Bug 1193365 for CVE-2020-36131", "url": "https://bugzilla.suse.com/1193365" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Leap 15.2:aom-tools-1.0.0-lp152.3.9.1.i586", "openSUSE Leap 15.2:aom-tools-1.0.0-lp152.3.9.1.x86_64", "openSUSE Leap 15.2:libaom-devel-1.0.0-lp152.3.9.1.i586", "openSUSE Leap 15.2:libaom-devel-1.0.0-lp152.3.9.1.x86_64", "openSUSE Leap 15.2:libaom-devel-doc-1.0.0-lp152.3.9.1.noarch", "openSUSE Leap 15.2:libaom0-1.0.0-lp152.3.9.1.i586", "openSUSE Leap 15.2:libaom0-1.0.0-lp152.3.9.1.x86_64", "openSUSE Leap 15.2:libaom0-32bit-1.0.0-lp152.3.9.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "openSUSE Leap 15.2:aom-tools-1.0.0-lp152.3.9.1.i586", "openSUSE Leap 15.2:aom-tools-1.0.0-lp152.3.9.1.x86_64", "openSUSE Leap 15.2:libaom-devel-1.0.0-lp152.3.9.1.i586", "openSUSE Leap 15.2:libaom-devel-1.0.0-lp152.3.9.1.x86_64", "openSUSE Leap 15.2:libaom-devel-doc-1.0.0-lp152.3.9.1.noarch", "openSUSE Leap 15.2:libaom0-1.0.0-lp152.3.9.1.i586", "openSUSE Leap 15.2:libaom0-1.0.0-lp152.3.9.1.x86_64", "openSUSE Leap 15.2:libaom0-32bit-1.0.0-lp152.3.9.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2021-12-26T13:06:14Z", "details": "moderate" } ], "title": "CVE-2020-36131" }, { "cve": "CVE-2020-36135", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2020-36135" } ], "notes": [ { "category": "general", "text": "AOM v2.0.1 was discovered to contain a NULL pointer dereference via the component rate_hist.c.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Leap 15.2:aom-tools-1.0.0-lp152.3.9.1.i586", "openSUSE Leap 15.2:aom-tools-1.0.0-lp152.3.9.1.x86_64", "openSUSE Leap 15.2:libaom-devel-1.0.0-lp152.3.9.1.i586", "openSUSE Leap 15.2:libaom-devel-1.0.0-lp152.3.9.1.x86_64", "openSUSE Leap 15.2:libaom-devel-doc-1.0.0-lp152.3.9.1.noarch", "openSUSE Leap 15.2:libaom0-1.0.0-lp152.3.9.1.i586", "openSUSE Leap 15.2:libaom0-1.0.0-lp152.3.9.1.x86_64", "openSUSE Leap 15.2:libaom0-32bit-1.0.0-lp152.3.9.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2020-36135", "url": "https://www.suse.com/security/cve/CVE-2020-36135" }, { "category": "external", "summary": "SUSE Bug 1193366 for CVE-2020-36135", "url": "https://bugzilla.suse.com/1193366" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Leap 15.2:aom-tools-1.0.0-lp152.3.9.1.i586", "openSUSE Leap 15.2:aom-tools-1.0.0-lp152.3.9.1.x86_64", "openSUSE Leap 15.2:libaom-devel-1.0.0-lp152.3.9.1.i586", "openSUSE Leap 15.2:libaom-devel-1.0.0-lp152.3.9.1.x86_64", "openSUSE Leap 15.2:libaom-devel-doc-1.0.0-lp152.3.9.1.noarch", "openSUSE Leap 15.2:libaom0-1.0.0-lp152.3.9.1.i586", "openSUSE Leap 15.2:libaom0-1.0.0-lp152.3.9.1.x86_64", "openSUSE Leap 15.2:libaom0-32bit-1.0.0-lp152.3.9.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "openSUSE Leap 15.2:aom-tools-1.0.0-lp152.3.9.1.i586", "openSUSE Leap 15.2:aom-tools-1.0.0-lp152.3.9.1.x86_64", "openSUSE Leap 15.2:libaom-devel-1.0.0-lp152.3.9.1.i586", "openSUSE Leap 15.2:libaom-devel-1.0.0-lp152.3.9.1.x86_64", "openSUSE Leap 15.2:libaom-devel-doc-1.0.0-lp152.3.9.1.noarch", "openSUSE Leap 15.2:libaom0-1.0.0-lp152.3.9.1.i586", "openSUSE Leap 15.2:libaom0-1.0.0-lp152.3.9.1.x86_64", "openSUSE Leap 15.2:libaom0-32bit-1.0.0-lp152.3.9.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2021-12-26T13:06:14Z", "details": "moderate" } ], "title": "CVE-2020-36135" } ] }
opensuse-su-2021:4170-1
Vulnerability from csaf_opensuse
Published
2021-12-23 08:54
Modified
2021-12-23 08:54
Summary
Security update for libaom
Notes
Title of the patch
Security update for libaom
Description of the patch
This update for libaom fixes the following issues:
- CVE-2020-36129: Fixed stack buffer overflow via the component src/aom_image.c (bsc#1193356).
- CVE-2020-36131: Fixed stack buffer overflow via the component stats/rate_hist.c (bsc#1193365).
- CVE-2020-36135: Fixed NULL pointer dereference via the component rate_hist.c (bsc#1193366).
- CVE-2020-36130: Fixed NULL pointer dereference via the component av1/av1_dx_iface.c (bsc#1193369).
Patchnames
openSUSE-SLE-15.3-2021-4170
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ "document": { "aggregate_severity": { "namespace": "https://www.suse.com/support/security/rating/", "text": "moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright 2024 SUSE LLC. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Security update for libaom", "title": "Title of the patch" }, { "category": "description", "text": "This update for libaom fixes the following issues:\n\n- CVE-2020-36129: Fixed stack buffer overflow via the component src/aom_image.c (bsc#1193356).\n- CVE-2020-36131: Fixed stack buffer overflow via the component stats/rate_hist.c (bsc#1193365).\n- CVE-2020-36135: Fixed NULL pointer dereference via the component rate_hist.c (bsc#1193366).\n- CVE-2020-36130: Fixed NULL pointer dereference via the component av1/av1_dx_iface.c (bsc#1193369).\n", "title": "Description of the patch" }, { "category": "details", "text": "openSUSE-SLE-15.3-2021-4170", "title": "Patchnames" }, { "category": "legal_disclaimer", "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", "title": "Terms of use" } ], "publisher": { "category": "vendor", "contact_details": "https://www.suse.com/support/security/contact/", "name": "SUSE Product Security Team", "namespace": "https://www.suse.com/" }, "references": [ { "category": "external", "summary": "SUSE ratings", "url": "https://www.suse.com/support/security/rating/" }, { "category": "self", "summary": "URL of this CSAF notice", "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2021_4170-1.json" }, { "category": "self", "summary": "URL for openSUSE-SU-2021:4170-1", "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/3CU5I3APCIYTJ5MCNA4TTKLC2PLKDGKU/" }, { "category": "self", "summary": "E-Mail link for openSUSE-SU-2021:4170-1", "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/3CU5I3APCIYTJ5MCNA4TTKLC2PLKDGKU/" }, { "category": "self", "summary": "SUSE Bug 1193356", "url": "https://bugzilla.suse.com/1193356" }, { "category": "self", "summary": "SUSE Bug 1193365", "url": "https://bugzilla.suse.com/1193365" }, { "category": "self", "summary": "SUSE Bug 1193366", "url": "https://bugzilla.suse.com/1193366" }, { "category": "self", "summary": "SUSE Bug 1193369", "url": "https://bugzilla.suse.com/1193369" }, { "category": "self", "summary": "SUSE CVE CVE-2020-36129 page", "url": "https://www.suse.com/security/cve/CVE-2020-36129/" }, { "category": "self", "summary": "SUSE CVE CVE-2020-36130 page", "url": "https://www.suse.com/security/cve/CVE-2020-36130/" }, { "category": "self", "summary": "SUSE CVE CVE-2020-36131 page", "url": "https://www.suse.com/security/cve/CVE-2020-36131/" }, { "category": "self", "summary": "SUSE CVE CVE-2020-36135 page", "url": "https://www.suse.com/security/cve/CVE-2020-36135/" } ], "title": "Security update for libaom", "tracking": { "current_release_date": "2021-12-23T08:54:07Z", "generator": { "date": "2021-12-23T08:54:07Z", "engine": { "name": "cve-database.git:bin/generate-csaf.pl", "version": "1" } }, "id": "openSUSE-SU-2021:4170-1", "initial_release_date": "2021-12-23T08:54:07Z", "revision_history": [ { "date": "2021-12-23T08:54:07Z", "number": "1", "summary": "Current version" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version", "name": "aom-tools-1.0.0-3.9.1.aarch64", "product": { "name": "aom-tools-1.0.0-3.9.1.aarch64", "product_id": "aom-tools-1.0.0-3.9.1.aarch64" } }, { "category": "product_version", "name": "libaom-devel-1.0.0-3.9.1.aarch64", "product": { "name": "libaom-devel-1.0.0-3.9.1.aarch64", "product_id": "libaom-devel-1.0.0-3.9.1.aarch64" } }, { "category": "product_version", "name": "libaom0-1.0.0-3.9.1.aarch64", "product": { "name": "libaom0-1.0.0-3.9.1.aarch64", "product_id": "libaom0-1.0.0-3.9.1.aarch64" } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "libaom-devel-doc-1.0.0-3.9.1.noarch", "product": { "name": "libaom-devel-doc-1.0.0-3.9.1.noarch", "product_id": "libaom-devel-doc-1.0.0-3.9.1.noarch" } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "aom-tools-1.0.0-3.9.1.ppc64le", "product": { "name": "aom-tools-1.0.0-3.9.1.ppc64le", "product_id": "aom-tools-1.0.0-3.9.1.ppc64le" } }, { "category": "product_version", "name": "libaom-devel-1.0.0-3.9.1.ppc64le", "product": { "name": "libaom-devel-1.0.0-3.9.1.ppc64le", "product_id": "libaom-devel-1.0.0-3.9.1.ppc64le" } }, { "category": "product_version", "name": "libaom0-1.0.0-3.9.1.ppc64le", "product": { "name": "libaom0-1.0.0-3.9.1.ppc64le", "product_id": "libaom0-1.0.0-3.9.1.ppc64le" } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "aom-tools-1.0.0-3.9.1.s390x", "product": { "name": "aom-tools-1.0.0-3.9.1.s390x", "product_id": "aom-tools-1.0.0-3.9.1.s390x" } }, { "category": "product_version", "name": "libaom-devel-1.0.0-3.9.1.s390x", "product": { "name": "libaom-devel-1.0.0-3.9.1.s390x", "product_id": "libaom-devel-1.0.0-3.9.1.s390x" } }, { "category": "product_version", "name": "libaom0-1.0.0-3.9.1.s390x", "product": { "name": "libaom0-1.0.0-3.9.1.s390x", "product_id": "libaom0-1.0.0-3.9.1.s390x" } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "aom-tools-1.0.0-3.9.1.x86_64", "product": { "name": "aom-tools-1.0.0-3.9.1.x86_64", "product_id": "aom-tools-1.0.0-3.9.1.x86_64" } }, { "category": "product_version", "name": "libaom-devel-1.0.0-3.9.1.x86_64", "product": { "name": "libaom-devel-1.0.0-3.9.1.x86_64", "product_id": "libaom-devel-1.0.0-3.9.1.x86_64" } }, { "category": "product_version", "name": "libaom0-1.0.0-3.9.1.x86_64", "product": { "name": "libaom0-1.0.0-3.9.1.x86_64", "product_id": "libaom0-1.0.0-3.9.1.x86_64" } }, { "category": "product_version", "name": "libaom0-32bit-1.0.0-3.9.1.x86_64", "product": { "name": "libaom0-32bit-1.0.0-3.9.1.x86_64", "product_id": "libaom0-32bit-1.0.0-3.9.1.x86_64" } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_name", "name": "openSUSE Leap 15.3", "product": { "name": "openSUSE Leap 15.3", "product_id": "openSUSE Leap 15.3", "product_identification_helper": { "cpe": "cpe:/o:opensuse:leap:15.3" } } } ], "category": "product_family", "name": "SUSE Linux Enterprise" } ], "category": "vendor", "name": "SUSE" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "aom-tools-1.0.0-3.9.1.aarch64 as component of openSUSE Leap 15.3", "product_id": "openSUSE Leap 15.3:aom-tools-1.0.0-3.9.1.aarch64" }, "product_reference": "aom-tools-1.0.0-3.9.1.aarch64", "relates_to_product_reference": "openSUSE Leap 15.3" }, { "category": "default_component_of", "full_product_name": { "name": "aom-tools-1.0.0-3.9.1.ppc64le as component of openSUSE Leap 15.3", "product_id": "openSUSE Leap 15.3:aom-tools-1.0.0-3.9.1.ppc64le" }, "product_reference": "aom-tools-1.0.0-3.9.1.ppc64le", "relates_to_product_reference": "openSUSE Leap 15.3" }, { "category": "default_component_of", "full_product_name": { "name": "aom-tools-1.0.0-3.9.1.s390x as component of openSUSE Leap 15.3", "product_id": "openSUSE Leap 15.3:aom-tools-1.0.0-3.9.1.s390x" }, "product_reference": "aom-tools-1.0.0-3.9.1.s390x", "relates_to_product_reference": "openSUSE Leap 15.3" }, { "category": "default_component_of", "full_product_name": { "name": "aom-tools-1.0.0-3.9.1.x86_64 as component of openSUSE Leap 15.3", "product_id": "openSUSE Leap 15.3:aom-tools-1.0.0-3.9.1.x86_64" }, "product_reference": "aom-tools-1.0.0-3.9.1.x86_64", "relates_to_product_reference": "openSUSE Leap 15.3" }, { "category": "default_component_of", "full_product_name": { "name": "libaom-devel-1.0.0-3.9.1.aarch64 as component of openSUSE Leap 15.3", "product_id": "openSUSE Leap 15.3:libaom-devel-1.0.0-3.9.1.aarch64" }, "product_reference": "libaom-devel-1.0.0-3.9.1.aarch64", "relates_to_product_reference": "openSUSE Leap 15.3" }, { "category": "default_component_of", "full_product_name": { "name": "libaom-devel-1.0.0-3.9.1.ppc64le as component of openSUSE Leap 15.3", "product_id": "openSUSE Leap 15.3:libaom-devel-1.0.0-3.9.1.ppc64le" }, "product_reference": "libaom-devel-1.0.0-3.9.1.ppc64le", "relates_to_product_reference": "openSUSE Leap 15.3" }, { "category": "default_component_of", "full_product_name": { "name": "libaom-devel-1.0.0-3.9.1.s390x as component of openSUSE Leap 15.3", "product_id": "openSUSE Leap 15.3:libaom-devel-1.0.0-3.9.1.s390x" }, "product_reference": "libaom-devel-1.0.0-3.9.1.s390x", "relates_to_product_reference": "openSUSE Leap 15.3" }, { "category": "default_component_of", "full_product_name": { "name": "libaom-devel-1.0.0-3.9.1.x86_64 as component of openSUSE Leap 15.3", "product_id": "openSUSE Leap 15.3:libaom-devel-1.0.0-3.9.1.x86_64" }, "product_reference": "libaom-devel-1.0.0-3.9.1.x86_64", "relates_to_product_reference": "openSUSE Leap 15.3" }, { "category": "default_component_of", "full_product_name": { "name": "libaom-devel-doc-1.0.0-3.9.1.noarch as component of openSUSE Leap 15.3", "product_id": "openSUSE Leap 15.3:libaom-devel-doc-1.0.0-3.9.1.noarch" }, "product_reference": "libaom-devel-doc-1.0.0-3.9.1.noarch", "relates_to_product_reference": "openSUSE Leap 15.3" }, { "category": "default_component_of", "full_product_name": { "name": "libaom0-1.0.0-3.9.1.aarch64 as component of openSUSE Leap 15.3", "product_id": "openSUSE Leap 15.3:libaom0-1.0.0-3.9.1.aarch64" }, "product_reference": "libaom0-1.0.0-3.9.1.aarch64", "relates_to_product_reference": "openSUSE Leap 15.3" }, { "category": "default_component_of", "full_product_name": { "name": "libaom0-1.0.0-3.9.1.ppc64le as component of openSUSE Leap 15.3", "product_id": "openSUSE Leap 15.3:libaom0-1.0.0-3.9.1.ppc64le" }, "product_reference": "libaom0-1.0.0-3.9.1.ppc64le", "relates_to_product_reference": "openSUSE Leap 15.3" }, { "category": "default_component_of", "full_product_name": { "name": "libaom0-1.0.0-3.9.1.s390x as component of openSUSE Leap 15.3", "product_id": "openSUSE Leap 15.3:libaom0-1.0.0-3.9.1.s390x" }, "product_reference": "libaom0-1.0.0-3.9.1.s390x", "relates_to_product_reference": "openSUSE Leap 15.3" }, { "category": "default_component_of", "full_product_name": { "name": "libaom0-1.0.0-3.9.1.x86_64 as component of openSUSE Leap 15.3", "product_id": "openSUSE Leap 15.3:libaom0-1.0.0-3.9.1.x86_64" }, "product_reference": "libaom0-1.0.0-3.9.1.x86_64", "relates_to_product_reference": "openSUSE Leap 15.3" }, { "category": "default_component_of", "full_product_name": { "name": "libaom0-32bit-1.0.0-3.9.1.x86_64 as component of openSUSE Leap 15.3", "product_id": "openSUSE Leap 15.3:libaom0-32bit-1.0.0-3.9.1.x86_64" }, "product_reference": "libaom0-32bit-1.0.0-3.9.1.x86_64", "relates_to_product_reference": "openSUSE Leap 15.3" } ] }, "vulnerabilities": [ { "cve": "CVE-2020-36129", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2020-36129" } ], "notes": [ { "category": "general", "text": "AOM v2.0.1 was discovered to contain a stack buffer overflow via the component src/aom_image.c.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Leap 15.3:aom-tools-1.0.0-3.9.1.aarch64", "openSUSE Leap 15.3:aom-tools-1.0.0-3.9.1.ppc64le", "openSUSE Leap 15.3:aom-tools-1.0.0-3.9.1.s390x", "openSUSE Leap 15.3:aom-tools-1.0.0-3.9.1.x86_64", "openSUSE Leap 15.3:libaom-devel-1.0.0-3.9.1.aarch64", "openSUSE Leap 15.3:libaom-devel-1.0.0-3.9.1.ppc64le", "openSUSE Leap 15.3:libaom-devel-1.0.0-3.9.1.s390x", "openSUSE Leap 15.3:libaom-devel-1.0.0-3.9.1.x86_64", "openSUSE Leap 15.3:libaom-devel-doc-1.0.0-3.9.1.noarch", "openSUSE Leap 15.3:libaom0-1.0.0-3.9.1.aarch64", "openSUSE Leap 15.3:libaom0-1.0.0-3.9.1.ppc64le", "openSUSE Leap 15.3:libaom0-1.0.0-3.9.1.s390x", "openSUSE Leap 15.3:libaom0-1.0.0-3.9.1.x86_64", "openSUSE Leap 15.3:libaom0-32bit-1.0.0-3.9.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2020-36129", "url": "https://www.suse.com/security/cve/CVE-2020-36129" }, { "category": "external", "summary": "SUSE Bug 1193356 for CVE-2020-36129", "url": "https://bugzilla.suse.com/1193356" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Leap 15.3:aom-tools-1.0.0-3.9.1.aarch64", "openSUSE Leap 15.3:aom-tools-1.0.0-3.9.1.ppc64le", "openSUSE Leap 15.3:aom-tools-1.0.0-3.9.1.s390x", "openSUSE Leap 15.3:aom-tools-1.0.0-3.9.1.x86_64", "openSUSE Leap 15.3:libaom-devel-1.0.0-3.9.1.aarch64", "openSUSE Leap 15.3:libaom-devel-1.0.0-3.9.1.ppc64le", "openSUSE Leap 15.3:libaom-devel-1.0.0-3.9.1.s390x", "openSUSE Leap 15.3:libaom-devel-1.0.0-3.9.1.x86_64", "openSUSE Leap 15.3:libaom-devel-doc-1.0.0-3.9.1.noarch", "openSUSE Leap 15.3:libaom0-1.0.0-3.9.1.aarch64", "openSUSE Leap 15.3:libaom0-1.0.0-3.9.1.ppc64le", "openSUSE Leap 15.3:libaom0-1.0.0-3.9.1.s390x", "openSUSE Leap 15.3:libaom0-1.0.0-3.9.1.x86_64", "openSUSE Leap 15.3:libaom0-32bit-1.0.0-3.9.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "openSUSE Leap 15.3:aom-tools-1.0.0-3.9.1.aarch64", "openSUSE Leap 15.3:aom-tools-1.0.0-3.9.1.ppc64le", "openSUSE Leap 15.3:aom-tools-1.0.0-3.9.1.s390x", "openSUSE Leap 15.3:aom-tools-1.0.0-3.9.1.x86_64", "openSUSE Leap 15.3:libaom-devel-1.0.0-3.9.1.aarch64", "openSUSE Leap 15.3:libaom-devel-1.0.0-3.9.1.ppc64le", "openSUSE Leap 15.3:libaom-devel-1.0.0-3.9.1.s390x", "openSUSE Leap 15.3:libaom-devel-1.0.0-3.9.1.x86_64", "openSUSE Leap 15.3:libaom-devel-doc-1.0.0-3.9.1.noarch", "openSUSE Leap 15.3:libaom0-1.0.0-3.9.1.aarch64", "openSUSE Leap 15.3:libaom0-1.0.0-3.9.1.ppc64le", "openSUSE Leap 15.3:libaom0-1.0.0-3.9.1.s390x", "openSUSE Leap 15.3:libaom0-1.0.0-3.9.1.x86_64", "openSUSE Leap 15.3:libaom0-32bit-1.0.0-3.9.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2021-12-23T08:54:07Z", "details": "moderate" } ], "title": "CVE-2020-36129" }, { "cve": "CVE-2020-36130", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2020-36130" } ], "notes": [ { "category": "general", "text": "AOM v2.0.1 was discovered to contain a NULL pointer dereference via the component av1/av1_dx_iface.c.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Leap 15.3:aom-tools-1.0.0-3.9.1.aarch64", "openSUSE Leap 15.3:aom-tools-1.0.0-3.9.1.ppc64le", "openSUSE Leap 15.3:aom-tools-1.0.0-3.9.1.s390x", "openSUSE Leap 15.3:aom-tools-1.0.0-3.9.1.x86_64", "openSUSE Leap 15.3:libaom-devel-1.0.0-3.9.1.aarch64", "openSUSE Leap 15.3:libaom-devel-1.0.0-3.9.1.ppc64le", "openSUSE Leap 15.3:libaom-devel-1.0.0-3.9.1.s390x", "openSUSE Leap 15.3:libaom-devel-1.0.0-3.9.1.x86_64", "openSUSE Leap 15.3:libaom-devel-doc-1.0.0-3.9.1.noarch", "openSUSE Leap 15.3:libaom0-1.0.0-3.9.1.aarch64", "openSUSE Leap 15.3:libaom0-1.0.0-3.9.1.ppc64le", "openSUSE Leap 15.3:libaom0-1.0.0-3.9.1.s390x", "openSUSE Leap 15.3:libaom0-1.0.0-3.9.1.x86_64", "openSUSE Leap 15.3:libaom0-32bit-1.0.0-3.9.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2020-36130", "url": "https://www.suse.com/security/cve/CVE-2020-36130" }, { "category": "external", "summary": "SUSE Bug 1193369 for CVE-2020-36130", "url": "https://bugzilla.suse.com/1193369" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Leap 15.3:aom-tools-1.0.0-3.9.1.aarch64", "openSUSE Leap 15.3:aom-tools-1.0.0-3.9.1.ppc64le", "openSUSE Leap 15.3:aom-tools-1.0.0-3.9.1.s390x", "openSUSE Leap 15.3:aom-tools-1.0.0-3.9.1.x86_64", "openSUSE Leap 15.3:libaom-devel-1.0.0-3.9.1.aarch64", "openSUSE Leap 15.3:libaom-devel-1.0.0-3.9.1.ppc64le", "openSUSE Leap 15.3:libaom-devel-1.0.0-3.9.1.s390x", "openSUSE Leap 15.3:libaom-devel-1.0.0-3.9.1.x86_64", "openSUSE Leap 15.3:libaom-devel-doc-1.0.0-3.9.1.noarch", "openSUSE Leap 15.3:libaom0-1.0.0-3.9.1.aarch64", "openSUSE Leap 15.3:libaom0-1.0.0-3.9.1.ppc64le", "openSUSE Leap 15.3:libaom0-1.0.0-3.9.1.s390x", "openSUSE Leap 15.3:libaom0-1.0.0-3.9.1.x86_64", "openSUSE Leap 15.3:libaom0-32bit-1.0.0-3.9.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "openSUSE Leap 15.3:aom-tools-1.0.0-3.9.1.aarch64", "openSUSE Leap 15.3:aom-tools-1.0.0-3.9.1.ppc64le", "openSUSE Leap 15.3:aom-tools-1.0.0-3.9.1.s390x", "openSUSE Leap 15.3:aom-tools-1.0.0-3.9.1.x86_64", "openSUSE Leap 15.3:libaom-devel-1.0.0-3.9.1.aarch64", "openSUSE Leap 15.3:libaom-devel-1.0.0-3.9.1.ppc64le", "openSUSE Leap 15.3:libaom-devel-1.0.0-3.9.1.s390x", "openSUSE Leap 15.3:libaom-devel-1.0.0-3.9.1.x86_64", "openSUSE Leap 15.3:libaom-devel-doc-1.0.0-3.9.1.noarch", "openSUSE Leap 15.3:libaom0-1.0.0-3.9.1.aarch64", "openSUSE Leap 15.3:libaom0-1.0.0-3.9.1.ppc64le", "openSUSE Leap 15.3:libaom0-1.0.0-3.9.1.s390x", "openSUSE Leap 15.3:libaom0-1.0.0-3.9.1.x86_64", "openSUSE Leap 15.3:libaom0-32bit-1.0.0-3.9.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2021-12-23T08:54:07Z", "details": "moderate" } ], "title": "CVE-2020-36130" }, { "cve": "CVE-2020-36131", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2020-36131" } ], "notes": [ { "category": "general", "text": "AOM v2.0.1 was discovered to contain a stack buffer overflow via the component stats/rate_hist.c.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Leap 15.3:aom-tools-1.0.0-3.9.1.aarch64", "openSUSE Leap 15.3:aom-tools-1.0.0-3.9.1.ppc64le", "openSUSE Leap 15.3:aom-tools-1.0.0-3.9.1.s390x", "openSUSE Leap 15.3:aom-tools-1.0.0-3.9.1.x86_64", "openSUSE Leap 15.3:libaom-devel-1.0.0-3.9.1.aarch64", "openSUSE Leap 15.3:libaom-devel-1.0.0-3.9.1.ppc64le", "openSUSE Leap 15.3:libaom-devel-1.0.0-3.9.1.s390x", "openSUSE Leap 15.3:libaom-devel-1.0.0-3.9.1.x86_64", "openSUSE Leap 15.3:libaom-devel-doc-1.0.0-3.9.1.noarch", "openSUSE Leap 15.3:libaom0-1.0.0-3.9.1.aarch64", "openSUSE Leap 15.3:libaom0-1.0.0-3.9.1.ppc64le", "openSUSE Leap 15.3:libaom0-1.0.0-3.9.1.s390x", "openSUSE Leap 15.3:libaom0-1.0.0-3.9.1.x86_64", "openSUSE Leap 15.3:libaom0-32bit-1.0.0-3.9.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2020-36131", "url": "https://www.suse.com/security/cve/CVE-2020-36131" }, { "category": "external", "summary": "SUSE Bug 1193365 for CVE-2020-36131", "url": "https://bugzilla.suse.com/1193365" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Leap 15.3:aom-tools-1.0.0-3.9.1.aarch64", "openSUSE Leap 15.3:aom-tools-1.0.0-3.9.1.ppc64le", "openSUSE Leap 15.3:aom-tools-1.0.0-3.9.1.s390x", "openSUSE Leap 15.3:aom-tools-1.0.0-3.9.1.x86_64", "openSUSE Leap 15.3:libaom-devel-1.0.0-3.9.1.aarch64", "openSUSE Leap 15.3:libaom-devel-1.0.0-3.9.1.ppc64le", "openSUSE Leap 15.3:libaom-devel-1.0.0-3.9.1.s390x", "openSUSE Leap 15.3:libaom-devel-1.0.0-3.9.1.x86_64", "openSUSE Leap 15.3:libaom-devel-doc-1.0.0-3.9.1.noarch", "openSUSE Leap 15.3:libaom0-1.0.0-3.9.1.aarch64", "openSUSE Leap 15.3:libaom0-1.0.0-3.9.1.ppc64le", "openSUSE Leap 15.3:libaom0-1.0.0-3.9.1.s390x", "openSUSE Leap 15.3:libaom0-1.0.0-3.9.1.x86_64", "openSUSE Leap 15.3:libaom0-32bit-1.0.0-3.9.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "openSUSE Leap 15.3:aom-tools-1.0.0-3.9.1.aarch64", "openSUSE Leap 15.3:aom-tools-1.0.0-3.9.1.ppc64le", "openSUSE Leap 15.3:aom-tools-1.0.0-3.9.1.s390x", "openSUSE Leap 15.3:aom-tools-1.0.0-3.9.1.x86_64", "openSUSE Leap 15.3:libaom-devel-1.0.0-3.9.1.aarch64", "openSUSE Leap 15.3:libaom-devel-1.0.0-3.9.1.ppc64le", "openSUSE Leap 15.3:libaom-devel-1.0.0-3.9.1.s390x", "openSUSE Leap 15.3:libaom-devel-1.0.0-3.9.1.x86_64", "openSUSE Leap 15.3:libaom-devel-doc-1.0.0-3.9.1.noarch", "openSUSE Leap 15.3:libaom0-1.0.0-3.9.1.aarch64", "openSUSE Leap 15.3:libaom0-1.0.0-3.9.1.ppc64le", "openSUSE Leap 15.3:libaom0-1.0.0-3.9.1.s390x", "openSUSE Leap 15.3:libaom0-1.0.0-3.9.1.x86_64", "openSUSE Leap 15.3:libaom0-32bit-1.0.0-3.9.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2021-12-23T08:54:07Z", "details": "moderate" } ], "title": "CVE-2020-36131" }, { "cve": "CVE-2020-36135", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2020-36135" } ], "notes": [ { "category": "general", "text": "AOM v2.0.1 was discovered to contain a NULL pointer dereference via the component rate_hist.c.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Leap 15.3:aom-tools-1.0.0-3.9.1.aarch64", "openSUSE Leap 15.3:aom-tools-1.0.0-3.9.1.ppc64le", "openSUSE Leap 15.3:aom-tools-1.0.0-3.9.1.s390x", "openSUSE Leap 15.3:aom-tools-1.0.0-3.9.1.x86_64", "openSUSE Leap 15.3:libaom-devel-1.0.0-3.9.1.aarch64", "openSUSE Leap 15.3:libaom-devel-1.0.0-3.9.1.ppc64le", "openSUSE Leap 15.3:libaom-devel-1.0.0-3.9.1.s390x", "openSUSE Leap 15.3:libaom-devel-1.0.0-3.9.1.x86_64", "openSUSE Leap 15.3:libaom-devel-doc-1.0.0-3.9.1.noarch", "openSUSE Leap 15.3:libaom0-1.0.0-3.9.1.aarch64", "openSUSE Leap 15.3:libaom0-1.0.0-3.9.1.ppc64le", "openSUSE Leap 15.3:libaom0-1.0.0-3.9.1.s390x", "openSUSE Leap 15.3:libaom0-1.0.0-3.9.1.x86_64", "openSUSE Leap 15.3:libaom0-32bit-1.0.0-3.9.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2020-36135", "url": "https://www.suse.com/security/cve/CVE-2020-36135" }, { "category": "external", "summary": "SUSE Bug 1193366 for CVE-2020-36135", "url": "https://bugzilla.suse.com/1193366" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Leap 15.3:aom-tools-1.0.0-3.9.1.aarch64", "openSUSE Leap 15.3:aom-tools-1.0.0-3.9.1.ppc64le", "openSUSE Leap 15.3:aom-tools-1.0.0-3.9.1.s390x", "openSUSE Leap 15.3:aom-tools-1.0.0-3.9.1.x86_64", "openSUSE Leap 15.3:libaom-devel-1.0.0-3.9.1.aarch64", "openSUSE Leap 15.3:libaom-devel-1.0.0-3.9.1.ppc64le", "openSUSE Leap 15.3:libaom-devel-1.0.0-3.9.1.s390x", "openSUSE Leap 15.3:libaom-devel-1.0.0-3.9.1.x86_64", "openSUSE Leap 15.3:libaom-devel-doc-1.0.0-3.9.1.noarch", "openSUSE Leap 15.3:libaom0-1.0.0-3.9.1.aarch64", "openSUSE Leap 15.3:libaom0-1.0.0-3.9.1.ppc64le", "openSUSE Leap 15.3:libaom0-1.0.0-3.9.1.s390x", "openSUSE Leap 15.3:libaom0-1.0.0-3.9.1.x86_64", "openSUSE Leap 15.3:libaom0-32bit-1.0.0-3.9.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "openSUSE Leap 15.3:aom-tools-1.0.0-3.9.1.aarch64", "openSUSE Leap 15.3:aom-tools-1.0.0-3.9.1.ppc64le", "openSUSE Leap 15.3:aom-tools-1.0.0-3.9.1.s390x", "openSUSE Leap 15.3:aom-tools-1.0.0-3.9.1.x86_64", "openSUSE Leap 15.3:libaom-devel-1.0.0-3.9.1.aarch64", "openSUSE Leap 15.3:libaom-devel-1.0.0-3.9.1.ppc64le", "openSUSE Leap 15.3:libaom-devel-1.0.0-3.9.1.s390x", "openSUSE Leap 15.3:libaom-devel-1.0.0-3.9.1.x86_64", "openSUSE Leap 15.3:libaom-devel-doc-1.0.0-3.9.1.noarch", "openSUSE Leap 15.3:libaom0-1.0.0-3.9.1.aarch64", "openSUSE Leap 15.3:libaom0-1.0.0-3.9.1.ppc64le", "openSUSE Leap 15.3:libaom0-1.0.0-3.9.1.s390x", "openSUSE Leap 15.3:libaom0-1.0.0-3.9.1.x86_64", "openSUSE Leap 15.3:libaom0-32bit-1.0.0-3.9.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2021-12-23T08:54:07Z", "details": "moderate" } ], "title": "CVE-2020-36135" } ] }
gsd-2020-36135
Vulnerability from gsd
Modified
2023-12-13 01:21
Details
AOM v2.0.1 was discovered to contain a NULL pointer dereference via the component rate_hist.c.
Aliases
Aliases
{ "GSD": { "alias": "CVE-2020-36135", "description": "AOM v2.0.1 was discovered to contain a NULL pointer dereference via the component rate_hist.c.", "id": "GSD-2020-36135", "references": [ "https://www.suse.com/security/cve/CVE-2020-36135.html", "https://advisories.mageia.org/CVE-2020-36135.html" ] }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2020-36135" ], "details": "AOM v2.0.1 was discovered to contain a NULL pointer dereference via the component rate_hist.c.", "id": "GSD-2020-36135", "modified": "2023-12-13T01:21:56.093072Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-36135", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "AOM v2.0.1 was discovered to contain a NULL pointer dereference via the component rate_hist.c." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://bugs.chromium.org/p/aomedia/issues/detail?id=2910\u0026q=\u0026can=1", "refsource": "MISC", "url": "https://bugs.chromium.org/p/aomedia/issues/detail?id=2910\u0026q=\u0026can=1" }, { "name": "[debian-lts-announce] 20230905 [SECURITY] [DLA 3556-1] aom security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00003.html" }, { "name": "DSA-5490", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2023/dsa-5490" }, { "name": "GLSA-202401-32", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202401-32" } ] } }, "nvd.nist.gov": { "cve": { "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:aomedia:aomedia:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "EBD7B35F-8B54-4609-8889-05FD5850675C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "descriptions": [ { "lang": "en", "value": "AOM v2.0.1 was discovered to contain a NULL pointer dereference via the component rate_hist.c." }, { "lang": "es", "value": "Se ha detectado que AOM versi\u00f3n v2.0.1, contiene una desreferencia de puntero NULL por medio del componente rate_hist.c" } ], "id": "CVE-2020-36135", "lastModified": "2024-01-31T15:15:08.767", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-12-02T22:15:08.833", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://bugs.chromium.org/p/aomedia/issues/detail?id=2910\u0026q=\u0026can=1" }, { "source": "cve@mitre.org", "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00003.html" }, { "source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/202401-32" }, { "source": "cve@mitre.org", "url": "https://www.debian.org/security/2023/dsa-5490" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-476" } ], "source": "nvd@nist.gov", "type": "Primary" } ] } } } }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…