CVE-2018-12181

MEDIUM

EDK II - Out-of-bounds Write via Corrupted BMP Processing

Title source: llm
STIX 2.1

Description

Stack overflow in corrupted bmp for EDK II may allow unprivileged user to potentially enable denial of service or elevation of privilege via local access.

References (8)

Core 8
Core References
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2019:2125
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2019:3338
Vendor Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/4349-1/

Scores

CVSS v3 6.0
EPSS 0.0043
EPSS Percentile 34.4%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

Details

CWE
CWE-787
Status published
Products (1)
tianocore/edk_ii
Published Mar 27, 2019
Tracked Since Feb 18, 2026