CVE-2018-5146 — Out-of-bounds Write in Mozilla Firefox
Severity
9.8CRITICALNVD
NVD8.8NVD6.5CNA8.8OSV8.8
EPSS
44.8%
top 2.41%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJun 11
Latest updateMay 14
Description
The libtremor library has the same flaw as CVE-2018-5146. This library is used by Firefox in place of libvorbis on Android and ARM platforms. This vulnerability affects Firefox ESR < 52.7.2 and Firefox < 59.0.1.
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9
Affected Packages14 packages
Also affects: Debian Linux 7.0, 8.0, 9.0, Ubuntu Linux 14.04, 16.04, 17.10, Enterprise Linux 7.4, 7.6, 7.5
🔴Vulnerability Details
9GHSA▶
GHSA-qxgw-7whg-72j2: An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest↗2022-05-14
📋Vendor Advisories
7Android▶
CVE-2018-5146: Android Security Bulletin 2018-06-01
CVE: CVE-2018-5146
Severity: CRITICAL
Type: RCE
Affected AOSP versions: 6↗2018-06-01
💬Community
9Bugzilla▶
CVE-2018-5146 mozjs45: Mozilla: Vorbis audio processing out of bounds write (MFSA 2018-08) [fedora-all]↗2018-03-19
Bugzilla▶
CVE-2018-5146 mozjs38: Mozilla: Vorbis audio processing out of bounds write (MFSA 2018-08) [fedora-all]↗2018-03-19
Bugzilla▶
CVE-2018-5146 thunderbird: Mozilla: Vorbis audio processing out of bounds write (MFSA 2018-08) [fedora-all]↗2018-03-19
Bugzilla▶
CVE-2018-5146 mozjs38: Mozilla: Vorbis audio processing out of bounds write (MFSA 2018-08) [epel-7]↗2018-03-19
Bugzilla▶
CVE-2018-5146 mingw-libvorbis: Mozilla: Vorbis audio processing out of bounds write (MFSA 2018-08) [fedora-all]↗2018-03-19