CVE-2018-9521

HIGH

Android - Out-of-bounds Write in NuPlayer2CCDecoder

Title source: llm
STIX 2.1

Description

In parseMPEGCCData of NuPlayer2CCDecoder.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-111874331

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/105865
Patch, Vendor Advisory x_refsource_confirm
https://source.android.com/security/bulletin/2018-11-01

Scores

CVSS v3 8.8
EPSS 0.0154
EPSS Percentile 72.0%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-787
Status published
Products (1)
google/android 9.0
Published Nov 14, 2018
Tracked Since Feb 18, 2026