Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2019-2126

Опубликовано: 20 авг. 2019
Источник: nvd
CVSS3: 8.8
CVSS2: 9.3
EPSS Низкий

Описание

In ParseContentEncodingEntry of mkvparser.cc, there is a possible double free due to a missing reset of a freed pointer. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-127702368.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*
cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*
cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*
cpe:2.3:o:google:android:9.0:*:*:*:*:*:*:*
Конфигурация 2

Одно из

cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
Конфигурация 3

Одно из

cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:-:*:*:*
Конфигурация 4
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*

EPSS

Процентиль: 92%
0.08289
Низкий

8.8 High

CVSS3

9.3 Critical

CVSS2

Дефекты

CWE-415

Связанные уязвимости

ubuntu логотип

CVE-2019-2126

CVSS3: 8.8
ubuntu
почти 6 лет назад

In ParseContentEncodingEntry of mkvparser.cc, there is a possible double free due to a missing reset of a freed pointer. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-127702368.

redhat логотип

CVE-2019-2126

CVSS3: 8.8
redhat
больше 5 лет назад

In ParseContentEncodingEntry of mkvparser.cc, there is a possible double free due to a missing reset of a freed pointer. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-127702368.

github логотип

GHSA-jxxw-46w4-3vhv

CVSS3: 8.8
github
около 3 лет назад

In ParseContentEncodingEntry of mkvparser.cc, there is a possible double free due to a missing reset of a freed pointer. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-127702368.

rocky логотип

RLSA-2020:4629

rocky
больше 4 лет назад

Moderate: libvpx security update

oracle-oval логотип

ELSA-2020-4629

oracle-oval
больше 4 лет назад

ELSA-2020-4629: libvpx security update (MODERATE)

EPSS

Процентиль: 92%
0.08289
Низкий

8.8 High

CVSS3

9.3 Critical

CVSS2

Дефекты

CWE-415