CVE-2018-9341

Published: Nov 19, 2024Modified: Nov 22, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

In impeg2d_mc_fullx_fully of impeg2d_mc.c there is a possible out of bound write due to missing bounds check. This could lead to remote arbitrary code execution with no additional execution privileges needed. User interaction is needed for exploitation.

Affected (7)

Products: Google: Android

Google

1 product

Android

Configuration A

7 vulnerable

Vulnerable Software	Affected Versions
Google Android	Version 6.0.1
Google Android	Version 6.0
Google Android	Version 7.0
Google Android	Version 7.1.1
Google Android	Version 7.1.2
Google Android	Version 8.0
Google Android	Version 8.1

Related CWEs

CWE-787

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (1)

https://source.android.com/security/bulletin/2018-06-01

Source: security@android.com

PatchVendor Advisory

Timeline

No history available yet.