PT-2018-10925 · Mozilla+3 · Firefox Os+3
Publicado
2018-12-20
·
Atualizado
2019-01-09
·
CVE-2018-11963
CVSS v2.0
7.2
Alta
| Vetor | AV:L/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Android for MSM (affected versions not specified)
Firefox OS for MSM (affected versions not specified)
QRD Android (affected versions not specified)
Description
A buffer overread issue may occur due to non-null terminated strings while processing vsprintf in the camera jpeg driver. This issue affects Android releases using the Linux kernel.
Recommendations
For Android for MSM, update to a version that includes a fix for the buffer overread issue in the camera jpeg driver.
For Firefox OS for MSM, update to a version that includes a fix for the buffer overread issue in the camera jpeg driver.
For QRD Android, update to a version that includes a fix for the buffer overread issue in the camera jpeg driver.
As a temporary workaround, consider restricting access to the camera jpeg driver to minimize the risk of exploitation.
Correção
Out of bounds Read
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Android
Firefox Os
Linux Kernel
Qrd Android