CVE-2019-9371

Publication date 27 September 2019

Last updated 25 August 2025

Ubuntu priority

Low

Why this priority?

Cvss 3 Severity Score

6.5 · Medium

Score breakdown

Description

In libvpx, there is a possible resource exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-132783254

Read the notes from the security team

Status

Package Ubuntu Release Status
libvpx 19.10 eoan
Not affected
19.04 disco
Fixed 1.7.0-3ubuntu0.19.04.1
18.04 LTS bionic
Fixed 1.7.0-3ubuntu0.18.04.1
16.04 LTS xenial
Not affected
14.04 LTS trusty
Not affected

Notes

alexmurray

Updated third_party libwebm is only in >= 1.8.1

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package Patch details
libvpx

Severity score breakdown

CVSS version: CVSS v3.0

Base score 6.5 · Medium

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References

Related Ubuntu Security Notices (USN)

    • USN-4199-1
    • libvpx vulnerabilities
    • 25 November 2019

Other references

Access our resources on patching vulnerabilities