Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2018-18498

Опубликовано: 11 дек. 2018
Источник: redhat
CVSS3: 9.8
EPSS Низкий

Описание

A potential vulnerability leading to an integer overflow can occur during buffer size calculations for images when a raw value is used instead of the checked value. This leads to a possible out-of-bounds write. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64.

Отчет

In general, this flaw be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but are potentially risks in browser or browser-like contexts.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 8firefoxNot affected
Red Hat Enterprise Linux 8thunderbirdNot affected
Red Hat Enterprise Linux 6firefoxFixedRHSA-2018:383117.12.2018
Red Hat Enterprise Linux 6thunderbirdFixedRHSA-2019:015924.01.2019
Red Hat Enterprise Linux 7firefoxFixedRHSA-2018:383317.12.2018
Red Hat Enterprise Linux 7thunderbirdFixedRHSA-2019:016024.01.2019

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important
Дефект:
CWE-190
https://bugzilla.redhat.com/show_bug.cgi?id=1658402Mozilla: Integer overflow when calculating buffer sizes for images

EPSS

Процентиль: 92%
0.08106
Низкий

9.8 Critical

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2018-18498

CVSS3: 9.8
ubuntu
больше 6 лет назад

A potential vulnerability leading to an integer overflow can occur during buffer size calculations for images when a raw value is used instead of the checked value. This leads to a possible out-of-bounds write. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64.

nvd логотип

CVE-2018-18498

CVSS3: 9.8
nvd
больше 6 лет назад

A potential vulnerability leading to an integer overflow can occur during buffer size calculations for images when a raw value is used instead of the checked value. This leads to a possible out-of-bounds write. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64.

debian логотип

CVE-2018-18498

CVSS3: 9.8
debian
больше 6 лет назад

A potential vulnerability leading to an integer overflow can occur dur ...

github логотип

GHSA-qw4q-g9g4-q5fj

CVSS3: 9.8
github
больше 3 лет назад

A potential vulnerability leading to an integer overflow can occur during buffer size calculations for images when a raw value is used instead of the checked value. This leads to a possible out-of-bounds write. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64.

fstec логотип

BDU:2019-01423

CVSS3: 9.8
fstec
почти 7 лет назад

Уязвимость веб-браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, связанная с целочисленным переполнением, позволяющая нарушителю осуществить запись за границами буфера в памяти

EPSS

Процентиль: 92%
0.08106
Низкий

9.8 Critical

CVSS3