CVE-2018-11278

HIGH

Android - Out-of-bounds Read in Venus HW Bit Stream Decoder

Title source: llm
STIX 2.1

Description

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Venus HW searches for start code when decoding input bit stream buffers. If start code is not found in entire buffer, there is over-fetch beyond allocation length. This leads to page fault.

Scores

CVSS v3 7.1
EPSS 0.0017
EPSS Percentile 6.8%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Details

CWE
CWE-125
Status published
Products (1)
google/android
Published Sep 18, 2018
Tracked Since Feb 18, 2026