CVE-2018-9521Out-of-bounds Write in INC Android

CWE-787Out-of-bounds Write4 documents4 sources
Severity
8.8HIGHNVD
EPSS
0.5%
top 34.85%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Google INC AndroidGoogle Android
Timeline
PublishedNov 14
Latest updateMay 14

Description

In parseMPEGCCData of NuPlayer2CCDecoder.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-111874331

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5google_inc/androidAndroid-9

Patches

Patch: source.android.comPatch: source.android.com

🔴Vulnerability Details

2
GHSA
GHSA-v7jc-crf6-wh7w: In parseMPEGCCData of NuPlayer2CCDecoder2022-05-14
CVEList
CVE-2018-9521: In parseMPEGCCData of NuPlayer2CCDecoder2018-11-14

📋Vendor Advisories

1
Android
CVE-2018-9521: Android Security Bulletin 2018-11-01 CVE: CVE-2018-9521 Severity: HIGH Type: RCE Affected AOSP versions: 9 References: A-1118743312018-11-01
CVE-2018-9521 — Out-of-bounds Write in INC Android | cvebase