← Back

CVE-2018-9553

nvd nist
Published: Dec 6, 2018Modified: Nov 21, 2024

JSON object

Loading...
7.8
Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 1.8 / Impact: 5.9
Source: NVD

Description

In MasteringMetadata::Parse of mkvparser.cc there is a possible double free due to an insecure default value. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-116615297.

Affected (6)

Products: Google: Android
Google
1 product
Android
Configuration A
6 vulnerable
Vulnerable SoftwareAffected Versions
Google
Android
Version 7.0
Android
Version 7.1.1
Android
Version 7.1.2
Android
Version 8.0
Android
Version 8.1
Android
Version 9.0

Related CWEs

CWE-415
Double Free
The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.

References (4)

Source: security@android.com
Third Party AdvisoryVDB Entry
Source: security@android.com
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory

Timeline

No history available yet.