PT-2018-10925 · Mozilla+3 · Firefox Os+3
Published
2018-12-20
·
Updated
2019-01-09
·
CVE-2018-11963
CVSS v2.0
7.2
High
| Vector | AV:L/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Android for MSM (affected versions not specified)
Firefox OS for MSM (affected versions not specified)
QRD Android (affected versions not specified)
Description
A buffer overread issue may occur due to non-null terminated strings while processing vsprintf in the camera jpeg driver. This issue affects Android releases using the Linux kernel.
Recommendations
For Android for MSM, update to a version that includes a fix for the buffer overread issue in the camera jpeg driver.
For Firefox OS for MSM, update to a version that includes a fix for the buffer overread issue in the camera jpeg driver.
For QRD Android, update to a version that includes a fix for the buffer overread issue in the camera jpeg driver.
As a temporary workaround, consider restricting access to the camera jpeg driver to minimize the risk of exploitation.
Fix
Out of bounds Read
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Android
Firefox Os
Linux Kernel
Qrd Android