CVE-2018-9536

HIGH

Android - Out-of-bounds Write in libFDK

Title source: llm
STIX 2.1

Description

In numerous functions of libFDK, there are possible out of bounds writes due to incorrect bounds checks. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112662184

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/105865
Vendor Advisory x_refsource_confirm
https://source.android.com/security/bulletin/2018-11-01

Scores

CVSS v3 7.8
EPSS 0.0143
EPSS Percentile 69.9%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-787
Status published
Products (1)
google/android 9.0
Published Nov 14, 2018
Tracked Since Feb 18, 2026