CVE-2018-5095 — Integer Overflow or Wraparound in Mozilla Firefox
Severity
9.8 CRITICAL (NVD)
EPSS
2.9%
top 13.56%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Jun 11
Latest update: May 13
Description
An integer overflow vulnerability exists in the Skia library when allocating memory for edge builders on some systems with at least 8 GB of RAM. This leads to the use of uninitialized memory, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58.
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9
Affected Packages: 9 packages
Also affects: Debian Linux 8.0, 9.0, Ubuntu Linux 14.04, 16.04, 17.10, Enterprise Linux 6.0, 7.0, 7.3, 7.4, 7.5
Vulnerability Details (5)
GHSA
GHSA-q2cr-9xxc-h8jx: An integer overflow vulnerability in the Skia library when allocating memory for edge builders on some systems with at least 8 GB of RAM (2022-05-13)
OSV
CVE-2018-5095: An integer overflow vulnerability in the Skia library when allocating memory for edge builders on some systems with at least 8 GB of RAM (2018-06-11)
CVEList
CVE-2018-5095: An integer overflow vulnerability in the Skia library when allocating memory for edge builders on some systems with at least 8 GB of RAM (2018-06-11)
Vendor Advisories (4)
Red Hat
Debian
CVE-2018-5095: firefox - An integer overflow vulnerability in the Skia library when allocating memory for... (2018)
Community (1)
Bugzilla
CVE-2018-5095 Mozilla: Integer overflow in Skia library during edge builder allocation (MFSA 2018-03) (2018-01-23)