CVE-2018-11261

Опубликовано: 27 нояб. 2018

Источник: nvd

CVSS3: 7.8

CVSS2: 7.2

EPSS Низкий

Описание

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, there is a possible Use-after-free issue in Media Codec process. Any application using codec service will be affected.

Ссылки

https://source.codeaurora.org/quic/la/platform/hardware/qcom/media/commit/?id=0e910e74e56f2a46f65dbc7694b160cd6e7f379a
Patch
Third Party Advisory
https://source.codeaurora.org/quic/la/platform/hardware/qcom/media/commit/?id=d41a7a4c7d43fa67f2e4a487b8a1fb0aac38226d
Patch
Third Party Advisory
https://www.codeaurora.org/security-bulletin/2018/08/06/august-2018-code-aurora-security-bulletin
Patch
Third Party Advisory
https://source.codeaurora.org/quic/la/platform/hardware/qcom/media/commit/?id=0e910e74e56f2a46f65dbc7694b160cd6e7f379a
Patch
Third Party Advisory
https://source.codeaurora.org/quic/la/platform/hardware/qcom/media/commit/?id=d41a7a4c7d43fa67f2e4a487b8a1fb0aac38226d
Patch
Third Party Advisory
https://www.codeaurora.org/security-bulletin/2018/08/06/august-2018-code-aurora-security-bulletin
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:o:google:android:-:*:*:*:*:*:*:*

EPSS

Процентиль: 22%

0.00073

Низкий

7.8 High

CVSS3

7.2 High

CVSS2

Дефекты

CWE-416

Связанные уязвимости

GHSA-cjq4-76x2-9585