CVE-2018-9536 — Out-of-bounds Write in INC Android

CWE-787 — Out-of-bounds Write5 documents5 sources

Severity

7.8HIGHNVD

EPSS

0.2%

top 56.23%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google INC Android Google Android

Timeline

PublishedNov 14

Latest updateMay 14

Description

In numerous functions of libFDK, there are possible out of bounds writes due to incorrect bounds checks. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112662184

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶NVDgoogle/android9.0

▶CVEListV5google_inc/androidAndroid-9

🔴Vulnerability Details

GHSA

GHSA-xjg9-9f7c-cx46: In numerous functions of libFDK, there are possible out of bounds writes due to incorrect bounds checks↗2022-05-14

▶

OSV

CVE-2018-9536: In numerous functions of libFDK, there are possible out of bounds writes due to incorrect bounds checks↗2018-11-14

▶

CVEList

CVE-2018-9536: In numerous functions of libFDK, there are possible out of bounds writes due to incorrect bounds checks↗2018-11-14

▶

📋Vendor Advisories

Android

CVE-2018-9536: Android Security Bulletin 2018-11-01 CVE: CVE-2018-9536 Severity: CRITICAL Type: EoP Affected AOSP versions: 9 References: A-112662184↗2018-11-01

▶