CVE-2018-12371 — Integer Overflow or Wraparound in Mozilla Firefox
Severity
8.8 HIGH (NVD)
4.3 (OSV)
EPSS
0.5%
top 34.19%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Jul 9
Latest update: May 24
Description
An integer overflow vulnerability exists in the Skia library when allocating memory for edge builders on some systems with at least 16 GB of RAM. This results in the use of uninitialized memory and a potentially exploitable crash. This vulnerability affects Firefox ESR < 60.1, Thunderbird < 60, and Firefox < 61.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9
Affected Packages: 7 packages
Patches
Vulnerability Details (5)
GHSA
GHSA-jvm4-fpvm-vr72: An integer overflow vulnerability in the Skia library when allocating memory for edge builders on some systems with at least 16 GB of RAM (2022-05-24)
CVEList
CVE-2018-12371: An integer overflow vulnerability in the Skia library when allocating memory for edge builders on some systems with at least 16 GB of RAM (2020-07-09)
OSV
CVE-2018-12371: An integer overflow vulnerability in the Skia library when allocating memory for edge builders on some systems with at least 16 GB of RAM (2020-07-09)