CVE-2018-12366 — Out-of-bounds Read in Mozilla Firefox
Severity
NVD: 6.5 MEDIUM
OSV: 8.8
EPSS
1.1% (top 22.19%)
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Oct 18
Latest update: May 14
Description
An invalid grid size during QCMS (color profile) transformations can result in an out-of-bounds read that is interpreted as a float value. This could leak private data into the output. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Exploitability: 2.8 | Impact: 3.6
Affected Packages: 11 packages
Also affects: Debian Linux 8.0, 9.0, Ubuntu Linux 14.04, 16.04, 17.10, 18.04, Enterprise Linux 7.6, 7.5
Vulnerability Details (6)
GHSA
GHSA-prjg-83q2-8vgv: An invalid grid size during QCMS (color profile) transformations can result in the out-of-bounds read interpreted as a float value (2022-05-14)
OSV
CVE-2018-12366: An invalid grid size during QCMS (color profile) transformations can result in the out-of-bounds read interpreted as a float value (2018-10-18)
CVEList
CVE-2018-12366: An invalid grid size during QCMS (color profile) transformations can result in the out-of-bounds read interpreted as a float value (2018-10-18)