CVE-2018-9536 - In numerous functions of libFDK, there are possible out of bounds writes due to incorrect bounds che

CVE-2018-9536

Summary

In numerous functions of libFDK, there are possible out of bounds writes due to incorrect bounds checks. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112662184

References

http://www.securityfocus.com/bid/105865
https://source.android.com/security/bulletin/2018-11-01

Vulnerable Configurations

cpe:2.3:o:google:android:9.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:9.0:*:*:*:*:*:*:*

CVSS

Base:	9.3 (as of 14-12-2018 - 14:14)
Impact:
Exploitability:

CWE

CWE-787

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:M/Au:N/C:C/I:C/A:C

refmap via4

bid	105865
confirm	https://source.android.com/security/bulletin/2018-11-01

Last major update

14-12-2018 - 14:14

Published

14-11-2018 - 18:29

Last modified

14-12-2018 - 14:14