CVE-2018-9341
HIGHAndroid - Out-of-bounds Write in impeg2d_mc_fullx_fully
Title source: llmDescription
In impeg2d_mc_fullx_fully of impeg2d_mc.c there is a possible out of bound write due to missing bounds check. This could lead to remote arbitrary code execution with no additional execution privileges needed. User interaction is needed for exploitation.
References (1)
Core 1
Core References
Patch, Vendor Advisory
https://source.android.com/security/bulletin/2018-06-01
Scores
CVSS v3
7.8
EPSS
0.0040
EPSS Percentile
32.0%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
total
Details
CWE
CWE-787
Status
published
Products (7)
google/android
6.0
google/android
6.0.1
google/android
7.0
google/android
7.1.1
google/android
7.1.2
google/android
8.0
google/android
8.1
Published
Nov 19, 2024
Tracked Since
Feb 18, 2026