CVE-2018-5183

Опубликовано: 11 июн. 2018

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

Mozilla developers backported selected changes in the Skia library. These changes correct memory corruption issues including invalid buffer reads and writes during graphic operations. This vulnerability affects Thunderbird ESR < 52.8, Thunderbird < 52.8, and Firefox ESR < 52.8.

Ссылки

http://www.securityfocus.com/bid/104138
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1040898
Third Party Advisory
VDB Entry
https://access.redhat.com/errata/RHSA-2018:1414
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1415
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1725
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1726
Third Party Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=1454692
Issue Tracking
Permissions Required
https://lists.debian.org/debian-lts-announce/2018/05/msg00007.html
Mailing List
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2018/05/msg00013.html
Mailing List
Third Party Advisory
https://security.gentoo.org/glsa/201810-01
Third Party Advisory
https://security.gentoo.org/glsa/201811-13
Third Party Advisory
https://usn.ubuntu.com/3660-1/
Third Party Advisory
https://www.debian.org/security/2018/dsa-4199
Third Party Advisory
https://www.debian.org/security/2018/dsa-4209
Third Party Advisory
https://www.mozilla.org/security/advisories/mfsa2018-12/
Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2018-13/
Vendor Advisory
http://www.securityfocus.com/bid/104138
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1040898
Third Party Advisory
VDB Entry
https://access.redhat.com/errata/RHSA-2018:1414
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1415
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

Конфигурация 2

Одно из

cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Конфигурация 3

Одно из

cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*

Конфигурация 4

Одно из

cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*

Версия до 52.8.0 (исключая)

cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*

Версия до 52.8.0 (исключая)

cpe:2.3:a:mozilla:thunderbird_esr:*:*:*:*:*:*:*:*

Версия до 52.8.0 (исключая)

EPSS

Процентиль: 88%

0.04116

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-119

Связанные уязвимости

CVE-2018-5183

CVSS3: 9.8

ubuntu

больше 7 лет назад

CVE-2018-5183

CVSS3: 9.8

redhat

больше 7 лет назад

CVE-2018-5183

CVSS3: 9.8

debian

больше 7 лет назад

Mozilla developers backported selected changes in the Skia library. Th ...

GHSA-62wp-qw94-ppmq

CVSS3: 9.8

github

больше 3 лет назад

BDU:2018-01426

CVSS3: 9.8

fstec

больше 7 лет назад

Уязвимость браузера Firefox ESR, связанная с выходом операции за границы буфера в памяти, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код

EPSS

Процентиль: 88%

0.04116

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-119