Main Vulnerability Database Vulnerabilities #VU36405

Out-of-bounds write in Google Android - CVE-2018-9521

Published: November 14, 2018 / Updated: August 8, 2020

Vulnerability identifier: #VU36405

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2018-9521

CWE-ID: CWE-787

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Google

Affected software:
Google Android

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

In parseMPEGCCData of NuPlayer2CCDecoder.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-111874331

How to mitigate CVE-2018-9521

Install update from vendor's website.

Out-of-bounds write in Google Android - CVE-2018-9521

Detailed vulnerability description

How to mitigate CVE-2018-9521

Sources

Please verify you're human