Bugzilla – Bug 1056539
VUL-0: CVE-2017-0641: libvpx: Weak limit for frames
Last modified: 2018-07-18 14:41:11 UTC
rh#1486854

A remote denial of service vulnerability in libvpx in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34360591.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1486854
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-0641
http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-0641.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0641
https://android.googlesource.com/platform/external/libvpx/+/698796fc930baecf5c3fdebef17e73d5d9a58bcb
SLE12 libvpx has no size limit option. sle15/factory have; perhaps just set it in configure. Android patch has --size-limit=4096x3072
I have set it to 8192x8192 which is the spec'd 8K Fulldome resolution. Hopefully sufficient for all sides. Submitted in request 519848
This is an autogenerated message for OBS integration: This bug (1056539) was mentioned in https://build.opensuse.org/request/show/623663 15.0+42.3+Backports:SLE-12-SP2 / chromium+codec2+ffmpeg-2+ffmpeg-3+ffmpeg-4+libsodium+libvpx-1_6+zeromq
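To illustrate what a decode size limit such as the 4096x3072 and 8192x8192 values discussed above guards against, here is an added example (not libvpx code and not part of the original bug report) that reads the dimensions from a VP8 key frame header and rejects oversized frames before any buffer would be allocated. It assumes the VP8 header layout from RFC 6386; the function names and sample bytes are constructed for illustration, and the report does not say which codec path is affected.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum verdict { SIZE_OK, SIZE_TOO_LARGE, NOT_KEYFRAME, MALFORMED };

/* Constructed sample headers: frame tag (3 bytes), start code, width, height. */
const uint8_t SAMPLE_HD[10]  = {0x10,0,0, 0x9d,0x01,0x2a, 0x80,0x07, 0x38,0x04}; /* 1920x1080 */
const uint8_t SAMPLE_8K[10]  = {0x10,0,0, 0x9d,0x01,0x2a, 0x00,0x1e, 0xe0,0x10}; /* 7680x4320 */
const uint8_t SAMPLE_MAX[10] = {0x10,0,0, 0x9d,0x01,0x2a, 0xff,0x3f, 0xff,0x3f}; /* 16383x16383 */

/* Read width/height from a VP8 key frame header and compare them with the
 * configured limit. Only key frames carry dimensions (hypothetical helper). */
enum verdict vp8_check_size(const uint8_t *buf, size_t len,
                            unsigned limit_w, unsigned limit_h,
                            unsigned *w, unsigned *h)
{
    if (buf == NULL || len < 3) return MALFORMED;
    if (buf[0] & 0x01) return NOT_KEYFRAME;      /* bit 0 clear = key frame */
    if (len < 10) return MALFORMED;              /* tag + start code + dims */
    if (buf[3] != 0x9d || buf[4] != 0x01 || buf[5] != 0x2a) return MALFORMED;
    /* 14-bit little-endian values; the top 2 bits hold the scaling field. */
    *w = (buf[6] | ((unsigned)buf[7] << 8)) & 0x3fff;
    *h = (buf[8] | ((unsigned)buf[9] << 8)) & 0x3fff;
    if (*w == 0 || *h == 0) return MALFORMED;
    if (*w > limit_w || *h > limit_h) return SIZE_TOO_LARGE;
    return SIZE_OK;
}

/* Convenience wrapper for the 10-byte samples above. */
enum verdict check_sample(const uint8_t *hdr, unsigned lw, unsigned lh)
{
    unsigned w = 0, h = 0;
    return vp8_check_size(hdr, 10, lw, lh, &w, &h);
}

int main(void)
{
    const uint8_t *s[] = {SAMPLE_HD, SAMPLE_8K, SAMPLE_MAX};
    for (int i = 0; i < 3; i++)
        printf("sample %d: limit 8192x8192 -> %d, limit 4096x3072 -> %d\n", i,
               check_sample(s[i], 8192, 8192), check_sample(s[i], 4096, 3072));
    return 0;
}
```

The 7680x4320 sample passes the 8192x8192 limit but is rejected under 4096x3072, which is the practical difference between the two values mentioned in the comments.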