VDB
CVE-2019-9746
CVE-2019-9746
PUBLISHED
In libwebm before 2019-03-08, a NULL pointer dereference caused by the functions OutputCluster and OutputTracks in webm_info.cc will trigger an abort, which allows a DoS attack, a similar issue to CVE-2018-19212.
EPSS 0.34% · 56.7th percentile
Risk Scores
EPSS Score
0.34%
56.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:22.04:LTS | qtwebengine-opensource-src | 5.15.8+dfsg-1build1, *, 5.15.9+dfsg-1 |
| Ubuntu:20.04:LTS | qtwebengine-opensource-src | 5.12.4+dfsg-1ubuntu1, 5.12.8+dfsg-0ubuntu1.1, 5.12.8+dfsg-0ubuntu1 |
| Ubuntu:18.04:LTS | qtwebengine-opensource-src | 5.9.4+dfsg-0ubuntu1, 5.9.5+dfsg-0ubuntu2, * |
| Ubuntu:16.04:LTS | oxide-qt | 1.14.7-0ubuntu1, 1.15.8-0ubuntu0.16.04.1, 1.16.5-0ubuntu0.16.04.1 |
| Ubuntu:24.04:LTS | qtwebengine-opensource-src | 5.15.16+dfsg-1ubuntu2, 5.15.15+dfsg-2build2, 5.15.15+dfsg-2 |
| Ubuntu:25.10 | qtwebengine-opensource-src | 5.15.19+dfsg2-1, 5.15.19+dfsg-1, 0 |
Exploit Intelligence
Timeline
- Mar 13, 2019 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
References
- https://ubuntu.com/security/CVE-2019-9746 third-party-advisory
- https://bugs.chromium.org/p/webm/issues/detail?id=1605 third-party-advisory
- https://chromium.googlesource.com/webm/libwebm/+/2427abe0bde234987ed005a3adca461e9a85dfb7 third-party-advisory
- https://github.com/webmproject/libwebm/commit/2427abe0bde234987ed005a3adca461e9a85dfb7 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2019-9746 third-party-advisory