CVE-2018-12181
Published 2019-03-27
CVE-2018-12181: Stack overflow in corrupted bmp for EDK II may allow unprivileged user to potentially enable denial of service or elevation of privilege via local access.
Severity: medium, 6 (CVSS 3.0)
Vector: AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | edk2 | < edk2 0~20181115.85588389-3 (bookworm) | edk2 0~20181115.85588389-3 (bookworm) |
| extensible_firmware_interface_development_kit | extensible_firmware_interface_development_kit | — | — |
| tianocore | edk2 | >= 0 < 0~20181115.85588389-3 | 0~20181115.85588389-3 |
| tianocore | edk2 | >= 0 < 0~20181115.85588389-3 | 0~20181115.85588389-3 |
| tianocore | edk2 | >= 0 < 0~20181115.85588389-3 | 0~20181115.85588389-3 |
| tianocore | edk2 | >= 0 < 0~20181115.85588389-3 | 0~20181115.85588389-3 |
| tianocore | edk2 | >= 0 < 0~20160408.ffea0a2c-2ubuntu0.1 | 0~20160408.ffea0a2c-2ubuntu0.1 |
| tianocore | edk2 | >= 0 < 0~20180205.c0d9813c-2ubuntu0.2 | 0~20180205.c0d9813c-2ubuntu0.2 |
CVSS provenance
nvd: v3.0, 6.0 MEDIUM, CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
osv: 9.1 CRITICAL