exploitDog

CVE-2018-9521

Опубликовано: 14 нояб. 2018

Источник: nvd

CVSS3: 8.8

CVSS2: 9.3

EPSS Низкий

Описание

In parseMPEGCCData of NuPlayer2CCDecoder.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-111874331

Ссылки

http://www.securityfocus.com/bid/105865
Third Party Advisory
VDB Entry
https://source.android.com/security/bulletin/2018-11-01
Patch
Vendor Advisory
http://www.securityfocus.com/bid/105865
Third Party Advisory
VDB Entry
https://source.android.com/security/bulletin/2018-11-01
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:o:google:android:9.0:*:*:*:*:*:*:*

EPSS

Процентиль: 65%

0.00481

Низкий

8.8 High

CVSS3

9.3 Critical

CVSS2

Дефекты

CWE-787

Связанные уязвимости

GHSA-v7jc-crf6-wh7w

CVSS3: 8.8

github

больше 3 лет назад

In parseMPEGCCData of NuPlayer2CCDecoder.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-111874331

EPSS

Процентиль: 65%

0.00481

Низкий

8.8 High

CVSS3

9.3 Critical

CVSS2

Дефекты

CWE-787