Ubuntu.comUB:CVE-2019-9371CVE-2019-9371
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:N/I:N/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS
Percentile
82.9%
In libvpx, there is a possible resource exhaustion due to improper input
validation. This could lead to remote denial of service with no additional
execution privileges needed. User interaction is needed for exploitation.
Product: AndroidVersions: Android-10Android ID: A-132783254
Notes
| Author | Note |
|---|---|
| alexmurray | Updated third_party libwebm is only in >= 1.8.1 |
References
chromium.googlesource.com/webm/libwebm/+/027a472efe49ff3a24be619442d2150658dbaaa0
chromium.googlesource.com/webm/libwebm/+/cb5a9477073cf7ae4a28356d6e3e5638aba78dc9
launchpad.net/bugs/cve/CVE-2019-9371
nvd.nist.gov/vuln/detail/CVE-2019-9371
security-tracker.debian.org/tracker/CVE-2019-9371
ubuntu.com/security/notices/USN-4199-1
www.cve.org/CVERecord?id=CVE-2019-9371
www.openwall.com/lists/oss-security/2019/11/07/1
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:N/I:N/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS
Percentile
82.9%