CVE-2019-2126
In ParseContentEncodingEntry of mkvparser.cc, there is a possible double free due to a missing reset of a freed pointer. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-127702368.
| Software | From | Fixed in |
|---|---|---|
| google / android | 7.1.2 | 7.1.2.x |
| google / android | 7.0 | 7.0.x |
| google / android | 8.0 | 8.0.x |
| google / android | 7.1.1 | 7.1.1.x |
| google / android | 8.1 | 8.1.x |
| google / android | 9.0 | 9.0.x |
| fedoraproject / fedora | 30 | 30.x |
| fedoraproject / fedora | 31 | 31.x |
| canonical / ubuntu_linux | 18.04 | 18.04.x |
| canonical / ubuntu_linux | 16.04 | 16.04.x |
| canonical / ubuntu_linux | 19.04 | 19.04.x |
| opensuse / leap | 15.1 | 15.1.x |
- http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00049.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DQSTK442ATWJOR4TU3MR6C3N5A6NDFFN/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U2IIA3RSYABBUCFIHXIRVUT5CTJVWWZ6/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DQSTK442ATWJOR4TU3MR6C3N5A6NDFFN/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U2IIA3RSYABBUCFIHXIRVUT5CTJVWWZ6/
- https://source.android.com/security/bulletin/2019-08-01
- https://usn.ubuntu.com/4199-1/
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime