Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2019-2126

In ParseContentEncodingEntry of mkvparser.cc, there is a possible double free due to a missing reset of a freed pointer. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-127702368.

Related bugs and status

CVE-2019-2126 (Candidate) is related to these bugs:

Bug #2004523: [MIR] libwebm (transitive dependency of libheif)[libheif -> aom -> libwebm]

Summary				In	Importance	Status
	2004523	[MIR] libwebm (transitive dependency of libheif)[libheif -> aom -> libwebm]		libwebm (Ubuntu)	Undecided	In Progress
	2004523	[MIR] libwebm (transitive dependency of libheif)[libheif -> aom -> libwebm]		libwebm (Debian)	Unknown	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: https://source.android...
UBUNTU: USN-4199-1
FEDORA: FEDORA-2020-65eac1b48b
FEDORA: FEDORA-2020-6cd410d9e4
SUSE: openSUSE-SU-2020:0105