PT-2018-2709 · Mozilla+6 · Firefox Esr+8

Atte Kettunen

·

Publicado

2018-12-11

·

Atualizado

2024-12-12

·

CVE-2018-18493

CVSS v3.1

9.8

Crítica

VetorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Firefox versions prior to 64 Firefox ESR versions prior to 60.4 Thunderbird versions prior to 60.4
Description A buffer overflow can occur in the Skia library during buffer offset calculations with hardware accelerated canvas 2D actions due to the use of 32-bit calculations instead of 64-bit, resulting in a potentially exploitable crash. The issue is related to a buffer overflow in the Skia library, which may allow a remote attacker to execute arbitrary code or cause a denial of service.
Recommendations For Firefox versions prior to 64, update to version 64 or later. For Firefox ESR versions prior to 60.4, update to version 60.4 or later. For Thunderbird versions prior to 60.4, update to version 60.4 or later.

Correção

Buffer Overflow

Origin Validation Error

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-119CWE-346

Identificadores relacionados

ALT-PU-2018-2824
ALT-PU-2018-2958
ALT-PU-2018-2963
ALT-PU-2019-2324
ALT-PU-2019-2486
BDU:2019-01425
BDU:2019-01426
CESA-2018_3831
CESA-2018_3833
CESA-2019_0159
CESA-2019_0160
CVE-2018-18493
DLA-1605-1
DLA-1624-1
DSA-4354-1
DSA-4362-1
MGASA-2018-0483
OPENSUSE-SU-2018_4112-1
OPENSUSE-SU-2019:0249-1
OPENSUSE-SU-2019:0251-1
OPENSUSE-SU-2019_0182-1
OPENSUSE-SU-2019_0251-1
OPENSUSE-SU-2024:10600-1
OPENSUSE-SU-2024:10601-1
OPENSUSE-SU-2024:14572-1
RHSA-2018:3831
RHSA-2018:3833
RHSA-2018_3831
RHSA-2018_3833
RHSA-2019:0159
RHSA-2019:0160
RHSA-2019_0159
RHSA-2019_0160
SUSE-SU-2018:4235-1
SUSE-SU-2018:4236-1
SUSE-SU-2018:4236-2
SUSE-SU-2019:0338-1
USN-3844-1
USN-3868-1

Produtos afetados

Alt Linux
Centos
Firefox
Firefox Esr
Red Hat
Skia Library
Suse
Thunderbird
Ubuntu