PT-2018-17628 · Google · Libwebm
Published
2018-02-02
·
Updated
2018-02-21
·
CVE-2018-6548
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
libwebm through 2018-02-02
Description
A use-after-free issue was discovered. If a
Vp9HeaderParser was initialized once before, its property frame would not be changed because of code in vp9parser::Vp9HeaderParser::SetFrame. Its frame could be freed while the corresponding pointer would not be updated, leading to a dangling pointer. This is related to the function OutputCluster in webm info.cc.Recommendations
For libwebm through 2018-02-02, at the moment, there is no information about a newer version that contains a fix for this issue.
Exploit
Fix
Use After Free
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Libwebm