CVE-2020-36135: 
Linux Debian vulnerability analysis and mitigation

AOM v2.0.1 was discovered to contain a NULL pointer dereference vulnerability in the component rate_hist.c. This vulnerability was assigned CVE-2020-36135 and received a CVSS v3.1 base score of 6.5 (Medium severity) (NVD).

The vulnerability is characterized as a NULL pointer dereference (CWE-476) with a CVSS v3.1 vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H. The attack vector is network-based, with low attack complexity and no privileges required, though it does require user interaction. The scope is unchanged, with no impact on confidentiality or integrity, but high impact on availability (Ubuntu).

If exploited, this vulnerability could lead to a denial of service condition when processing malformed multimedia files. The impact is primarily focused on system availability, with no reported effects on confidentiality or integrity (Debian).

Multiple distributions have released patches to address this vulnerability. Ubuntu 20.04 LTS users should upgrade to version 1.0.0.errata1-3+deb11u1build0.20.04.1, Debian Bullseye users should upgrade to version 1.0.0.errata1-3+deb11u1, and Gentoo users should upgrade to version 3.2.0 or later (Ubuntu Security Notice, Debian, Gentoo).