search

AlexRogalskiy / github-action-image-resizer

📰 GitHub action for images resizing
https://github.com/marketplace/actions/image-resizer
GNU General Public License v3.0
3 stars 1 forks source link

CVE-2020-0470 (Medium) detected in libaomandroid-11.0.0_r18 #31

Open mend-bolt-for-github[bot] opened 3 years ago

mend-bolt-for-github[bot] commented 3 years ago

CVE-2020-0470 - Medium Severity Vulnerability

Vulnerable Library - libaomandroid-11.0.0_r18

Bug: 139309277

Library home page: https://android.googlesource.com/platform/external/libaom

Found in base branch: master

Vulnerable Source Files (1)

github-action-image-resizer/node_modules/sharp/vendor/8.10.5/include/aom/aom_integer.h

Vulnerability Details

In extend_frame_highbd of restoration.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11 Android-10Android ID: A-166268541

Publish Date: 2020-12-14

URL: CVE-2020-0470

CVSS 3 Score Details (5.5)

Base Score Metrics: - Exploitability Metrics: - Attack Vector: Local - Attack Complexity: Low - Privileges Required: None - User Interaction: Required - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: None - Availability Impact: None

For more information on CVSS3 Scores, click here.

Step up your Open Source Security Game with WhiteSource here

github-actions[bot] commented 3 years ago

👋 Thanks for reporting!