CVE-2018-9350

MEDIUM EPSS 11.0%

Published Nov 27, 20241y ago · Modified Jun 17, 20261w ago

6.5 CVSS 3.1

Medium

Published Nov 27, 2024 1y ago

Last Modified Jun 17, 2026 1w ago

Description

In ih264d_assign_pic_num of ih264d_utils.c there is a possible out of bound read due to missing bounds check. This could lead to a denial of service with no additional execution privileges needed. User interaction is needed for exploitation.

CVSS Details

Base Score

6.5

Exploitability

2.8

Impact

3.6

Vector string

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Attack Vector Network

Attack Complexity Low

Privileges Required None

User Interaction Required

Scope Unchanged

Confidentiality None

Integrity None

Availability High

Threat Intelligence

EPSS Exploit Probability

11.0% percentile

Exploit & Patch Status

No Known Exploit

Patch Available

Weaknesses 1

CWE-125 Out-of-bounds Read Memory Safety

Affected Products 5

Vendor	Product	Version	Range
google	android	7.0	any
google	android	7.1.1	any
google	android	7.1.2	any
google	android	8.0	any
google	android	8.1	any

References 1

source.android.com https://source.android.com/docs/security/bulletin/pixel/2018-06-01

PatchVendor Advisory

Remediation

source.android.com https://source.android.com/docs/security/bulletin/pixel/2018-06-01

PatchVendor Advisory