Vulnerability CVE-2018-18493: Information
Description
A buffer overflow can occur in the Skia library during buffer offset calculations with hardware accelerated canvas 2D actions due to the use of 32-bit calculations instead of 64-bit. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64.
Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Fixed packages
References to Advisories, Solutions, and Tools
Hyperlink | Resource |
---|---|
https://www.mozilla.org/security/advisories/mfsa2018-31/ |
|
https://www.mozilla.org/security/advisories/mfsa2018-30/ |
|
https://www.mozilla.org/security/advisories/mfsa2018-29/ |
|
https://bugzilla.mozilla.org/show_bug.cgi?id=1504452 |
|
DSA-4362 |
|
DSA-4354 |
|
USN-3868-1 |
|
USN-3844-1 |
|
[debian-lts-announce] 20181213 [SECURITY] [DLA 1605-1] firefox-esr security update |
|
RHSA-2019:0160 |
|
RHSA-2019:0159 |
|
RHSA-2018:3833 |
|
RHSA-2018:3831 |
|
106168 |
|
GLSA-201903-04 |
|