CVE-2019-9232
First published: Fri Sep 27 2019(Updated: )
In libvpx, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-122675483
Credit: security@android.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| debian/libvpx | 1.9.0-1+deb11u3 1.12.0-1+deb12u3 1.15.0-2 | |
| Android | =10.0 | |
| Ubuntu | =14.04 | |
| Ubuntu | =16.04 | |
| Ubuntu | =18.04 | |
| Ubuntu | =19.04 | |
| SUSE Linux | =15.1 | |
| Red Hat Fedora | =30 | |
| Red Hat Fedora | =31 | |
| Debian Linux | =8.0 | |
| Debian Linux | =9.0 | |
| Debian Linux | =10.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://source.android.com/security/bulletin/android-10
- http://www.openwall.com/lists/oss-security/2019/10/25/17
- http://www.openwall.com/lists/oss-security/2019/10/27/1
- http://www.openwall.com/lists/oss-security/2019/11/07/1
- https://usn.ubuntu.com/4199-1/
- https://lists.debian.org/debian-lts-announce/2019/11/msg00030.html
- https://seclists.org/bugtraq/2019/Nov/43
- https://www.debian.org/security/2019/dsa-4578
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U2IIA3RSYABBUCFIHXIRVUT5CTJVWWZ6/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DQSTK442ATWJOR4TU3MR6C3N5A6NDFFN/
- http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00049.html
- https://security.gentoo.org/glsa/202003-59
- https://usn.ubuntu.com/4199-2/
- https://launchpad.net/bugs/cve/CVE-2019-9232
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DQSTK442ATWJOR4TU3MR6C3N5A6NDFFN/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U2IIA3RSYABBUCFIHXIRVUT5CTJVWWZ6/
- https://github.com/webmproject/libvpx/commit/46e17f0cb4a80b36755c84b8bf15731d3386c08f
- https://security-tracker.debian.org/tracker/CVE-2019-9232
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9232
- https://nvd.nist.gov/vuln/detail/CVE-2019-9232
- https://ubuntu.com/security/CVE-2019-9232
Frequently Asked Questions
What is the severity of CVE-2019-9232?
CVE-2019-9232 is classified as a high severity vulnerability due to its potential for remote information disclosure.
How do I fix CVE-2019-9232?
To fix CVE-2019-9232, update libvpx to version 1.9.0-1+deb11u3 or later on Debian, or to the appropriate patched version on other affected systems.
Which software is affected by CVE-2019-9232?
CVE-2019-9232 affects libvpx across various distributions, including specific versions of Android, Ubuntu, openSUSE, and Fedora.
Can CVE-2019-9232 be exploited without user interaction?
Yes, CVE-2019-9232 can be exploited remotely and does not require user interaction for exploitation.
What type of vulnerability is CVE-2019-9232?
CVE-2019-9232 is an out of bounds read vulnerability due to a missing bounds check in libvpx.
- agent/type
- collector/launchpad-cve
- source/Launchpad
- agent/weakness
- agent/remedy
- agent/severity
- collector/mitre-cve
- source/MITRE
- collector/usn-cve
- source/Ubuntu
- agent/references
- agent/description
- agent/first-publish-date
- agent/last-modified-date
- agent/trending
- agent/source
- agent/author
- agent/event
- collector/security-tracker-debian
- source/Debian
- agent/software-canonical-lookup
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- package-manager/debian
- vendor/google
- canonical/android
- version/android/10.0
- vendor/canonical
- canonical/ubuntu
- version/ubuntu/14.04
- version/ubuntu/16.04
- version/ubuntu/18.04
- version/ubuntu/19.04
- vendor/opensuse
- canonical/suse linux
- version/suse linux/15.1
- vendor/fedoraproject
- canonical/red hat fedora
- version/red hat fedora/30
- version/red hat fedora/31
- vendor/debian
- canonical/debian linux
- version/debian linux/8.0
- version/debian linux/9.0
- version/debian linux/10.0