PT-2018-1618 · Google · Android

Publicado

2018-06-25

Atualizado

2018-11-20

CVE-2018-9497

CVSS v2.0

Alta

Vetor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Android versions 7.0 through 9.0

Description The issue is related to the impeg2 fmt conv yuv420p to yuv420sp uv av8 function in the Media framework component of the Android operating system. It involves an out-of-bounds write due to a missing bounds check, which could lead to remote code execution. User interaction is required for exploitation.

Recommendations For Android versions 7.0 through 9.0, consider restricting access to the impeg2 fmt conv yuv420p to yuv420sp uv av8 function until a patch is available. As a temporary workaround, disabling the impeg2 fmt conv yuv420p to yuv420sp uv av8 function may help minimize the risk of exploitation.

Correção

Buffer Overflow

Memory Corruption

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-119CWE-787

Identificadores relacionados

BDU:2018-01177

CVE-2018-9497

Produtos afetados

Android

PT-2018-1618 · Google · Android

CVE-2018-9497

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 7