CVE-2020-36131
📋 TL;DR
CVE-2020-36131 is a stack buffer overflow vulnerability in AOM (AOMedia Video 1) codec library version 2.0.1, specifically in the stats/rate_hist.c component. This vulnerability could allow remote attackers to execute arbitrary code or cause denial of service by processing specially crafted video files. Systems using the vulnerable AOM library for video processing are affected.
💻 Affected Systems
- AOM (AOMedia Video 1) library
- Applications using libaom for video processing
- FFmpeg with AOM support
- Media processing tools
📦 What is this software?
Aomedia by Aomedia
⚠️ Risk & Real-World Impact
Worst Case
Remote code execution leading to complete system compromise, data theft, or ransomware deployment.
Likely Case
Application crash causing denial of service in video processing applications.
If Mitigated
Limited impact if proper memory protections (ASLR, DEP) are enabled and the application has proper sandboxing.
🎯 Exploit Status
Proof of concept exists in the Chromium bug tracker. Exploitation requires the victim to process a malicious video file.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: AOM v2.0.2 and later
Vendor Advisory: https://bugs.chromium.org/p/aomedia/issues/detail?id=2911
Restart Required: Yes
Instructions:
1. Update AOM library to version 2.0.2 or later. 2. Rebuild applications using the library. 3. Restart affected services. 4. For package managers: 'apt update && apt upgrade libaom' (Debian/Ubuntu) or 'yum update libaom' (RHEL/CentOS).
🔧 Temporary Workarounds
Disable AOM codec
allTemporarily disable AOM video processing in applications if possible
Configure applications to use alternative codecs (VP9, H.264, etc.)
Input validation
allImplement strict validation of video file inputs before processing
Add file type/size validation in web upload forms
Use antivirus scanning for uploaded media
🧯 If You Can't Patch
- Implement strict network segmentation to isolate vulnerable systems
- Deploy application allowlisting to prevent unauthorized video processing tools
🔍 How to Verify
Check if Vulnerable:
Check AOM library version: 'aomenc --version' or 'strings /usr/lib/libaom.so | grep -i version'Check Version:
aomenc --version 2>/dev/null || strings /usr/lib*/libaom.so 2>/dev/null | grep -i "version\|2.0.1"Verify Fix Applied:
Confirm version is 2.0.2 or later: 'aomenc --version | grep -q "2.0.[2-9]\|2.[1-9]" && echo "Patched"'📡 Detection & Monitoring
Log Indicators:
- Application crashes with segmentation faults in video processing
- Memory corruption errors in system logs
- Abnormal process termination of media applications
Network Indicators:
- Unusual video file uploads to web services
- Suspicious media file transfers
SIEM Query:
EventID=1000 OR EventID=1001 AND SourceName contains "aom" OR ProcessName contains "ffmpeg" AND ExceptionCode=c0000005🔗 References
- https://bugs.chromium.org/p/aomedia/issues/detail?id=2911&q=&can=1
- https://lists.debian.org/debian-lts-announce/2023/09/msg00003.html
- https://security.gentoo.org/glsa/202401-32
- https://www.debian.org/security/2023/dsa-5490
- https://bugs.chromium.org/p/aomedia/issues/detail?id=2911&q=&can=1
- https://lists.debian.org/debian-lts-announce/2023/09/msg00003.html
- https://security.gentoo.org/glsa/202401-32
- https://www.debian.org/security/2023/dsa-5490
