CVE-2018-9521 - In parseMPEGCCData of NuPlayer2CCDecoder.cpp, there is a possible out of bounds write due to an inco

CVE-2018-9521

Summary

In parseMPEGCCData of NuPlayer2CCDecoder.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-111874331

References

http://www.securityfocus.com/bid/105865
https://source.android.com/security/bulletin/2018-11-01

Vulnerable Configurations

cpe:2.3:o:google:android:9.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:9.0:*:*:*:*:*:*:*

CVSS

Base:	9.3 (as of 27-12-2018 - 14:06)
Impact:
Exploitability:

CWE

CWE-787

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:M/Au:N/C:C/I:C/A:C

refmap via4

bid	105865
confirm	https://source.android.com/security/bulletin/2018-11-01

Last major update

27-12-2018 - 14:06

Published

14-11-2018 - 18:29

Last modified

27-12-2018 - 14:06