There are 8 open security issues in bullseye.
4 important issues:
- CVE-2020-0478:
In extend_frame_lowbd of restoration.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-150780418
- CVE-2021-30473:
aom_image.c in libaom in AOMedia before 2021-04-07 frees memory that is not located on the heap.
- CVE-2021-30474:
aom_dsp/grain_table.c in libaom in AOMedia before 2021-03-30 has a use-after-free.
- CVE-2021-30475:
aom_dsp/noise_model.c in libaom in AOMedia before 2021-03-24 has a buffer overflow.
4 issues left for the package maintainer to handle:
- CVE-2020-36130:
(needs triaging)
AOM v2.0.1 was discovered to contain a NULL pointer dereference via the component av1/av1_dx_iface.c.
- CVE-2020-36131:
(needs triaging)
AOM v2.0.1 was discovered to contain a stack buffer overflow via the component stats/rate_hist.c.
- CVE-2020-36133:
(needs triaging)
AOM v2.0.1 was discovered to contain a global buffer overflow via the component av1/encoder/partition_search.h.
- CVE-2020-36135:
(needs triaging)
AOM v2.0.1 was discovered to contain a NULL pointer dereference via the component rate_hist.c.
You can find information about how to handle these issues in the security team's documentation.