CVE-2018-9452

Name of the Vulnerable Software and Affected Versions Android versions Android-7.0 through Android-9.0

Description The issue is related to a possible application hang due to a slow width calculation in the getOffsetForHorizontal function of Layout.java. This could lead to a remote denial of service if a contact with many hidden unicode characters were sent to the device and used by a local app, with no additional execution privileges needed. User interaction is necessary for exploitation. The vulnerability is also associated with incorrect resource cleanup or release, which may allow a remote attacker to cause a denial of service.

Recommendations For Android versions Android-7.0 through Android-9.0, consider restricting the use of the getOffsetForHorizontal function in Layout.java to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using contacts with many hidden unicode characters in local apps to reduce the likelihood of triggering the issue.