PT-2018-17628 · Google · Libwebm

Publicado

2018-02-02

Atualizado

2018-02-21

CVE-2018-6548

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions libwebm through 2018-02-02

Description A use-after-free issue was discovered. If a Vp9HeaderParser was initialized once before, its property frame would not be changed because of code in vp9parser::Vp9HeaderParser::SetFrame. Its frame could be freed while the corresponding pointer would not be updated, leading to a dangling pointer. This is related to the function OutputCluster in webm info.cc.

Recommendations For libwebm through 2018-02-02, at the moment, there is no information about a newer version that contains a fix for this issue.

Exploit

Correção

Use After Free

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-416

Identificadores relacionados

CVE-2018-6548

Produtos afetados

Libwebm

PT-2018-17628 · Google · Libwebm

CVE-2018-6548

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 7