CVE-2018-12911 - WebKitGTK+ 2.20.3 has an off-by-one error, with a resultant out-of-bounds write, in the get_simple_g

CVE-2018-12911

Summary

WebKitGTK+ 2.20.3 has an off-by-one error, with a resultant out-of-bounds write, in the get_simple_globs functions in ThirdParty/xdgmime/src/xdgmimecache.c and ThirdParty/xdgmime/src/xdgmimeglob.c.

References

Vulnerable Configurations

cpe:2.3:a:webkitgtk:webkitgtk\+:2.20.3:*:*:*:*:*:*:*
cpe:2.3:a:webkitgtk:webkitgtk\+:2.20.3:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*

CVSS

Base:	7.5 (as of 18-09-2018 - 14:58)
Impact:
Exploitability:

CWE

CWE-787

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

misc	https://trac.webkit.org/changeset/233404/webkit
ubuntu	USN-3743-1

Last major update

18-09-2018 - 14:58

Published

19-07-2018 - 13:29

Last modified

18-09-2018 - 14:58