CVE-2018-18356: An integer overflow in path handling lead to a use after free in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit…

high8.8CVSS 3.0

AVNACLPRNUIRSUCHIHAH

An integer overflow in path handling lead to a use after free in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Affected

33 ranges· showing 25

Vendor	Product	Version range	Fixed in
canonical	ubuntu_linux	—	—
canonical	ubuntu_linux	—	—
canonical	ubuntu_linux	—	—
canonical	ubuntu_linux	—	—
chromium	chromium	>= 0 < 71.0.3578.80-1	71.0.3578.80-1
chromium	chromium	>= 0 < 71.0.3578.80-1	71.0.3578.80-1
chromium	chromium	>= 0 < 71.0.3578.80-1	71.0.3578.80-1
chromium	chromium	>= 0 < 71.0.3578.80-1	71.0.3578.80-1
debian	chromium	< chromium 71.0.3578.80-1 (bookworm)	chromium 71.0.3578.80-1 (bookworm)
debian	debian_linux	—	—
debian	debian_linux	—	—
debian	firefox	< chromium 71.0.3578.80-1 (bookworm)	chromium 71.0.3578.80-1 (bookworm)
debian	firefox-esr	< chromium 71.0.3578.80-1 (bookworm)	chromium 71.0.3578.80-1 (bookworm)
debian	thunderbird	< chromium 71.0.3578.80-1 (bookworm)	chromium 71.0.3578.80-1 (bookworm)
google	chrome	< 71.0.3578.80	71.0.3578.80
google	chrome	>= unspecified < 71.0.3578.80	71.0.3578.80
mozilla	thunderbird	>= 0 < 1:60.5.1-1	1:60.5.1-1
mozilla	thunderbird	>= 0 < 1:60.5.1-1	1:60.5.1-1
mozilla	thunderbird	>= 0 < 1:60.5.1-1	1:60.5.1-1
mozilla	thunderbird	>= 0 < 1:60.5.1-1	1:60.5.1-1
mozilla	thunderbird	>= 0 < 1:60.5.1+build2-0ubuntu0.14.04.1	1:60.5.1+build2-0ubuntu0.14.04.1
mozilla	thunderbird	>= 0 < 1:60.5.1+build2-0ubuntu0.16.04.1	1:60.5.1+build2-0ubuntu0.16.04.1
mozilla	thunderbird	>= 0 < 1:60.5.1+build2-0ubuntu0.18.04.1	1:60.5.1+build2-0ubuntu0.18.04.1
opensuse	leap	—	—
redhat	enterprise_linux_desktop	—	—

CVSS provenance

nvdv3.08.8HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

osv8.8HIGH