CVE-2018-6406

HIGH

libwebm < 2018-01-30 - Out-of-bounds Read in ParseVP9SuperFrameIndex

Title source: llm
STIX 2.1

Description

The function ParseVP9SuperFrameIndex in common/libwebm_util.cc in libwebm through 2018-01-30 does not validate the child_frame_length data obtained from a .webm file, which allows remote attackers to cause an information leak or a denial of service (heap-based buffer over-read and later out-of-bounds write), or possibly have unspecified other impact.

Scores

CVSS v3 8.8
EPSS 0.0204
EPSS Percentile 78.8%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-125
Status published
Products (1)
webmproject/libwebm < 2018-01-30
Published Jan 30, 2018
Tracked Since Feb 18, 2026