Stack Overflow Vulnerability in EDK II Affecting Multiple Linux Distributions
CVE-2018-12181

6 MEDIUM

What is CVE-2018-12181?

A stack overflow vulnerability exists in EDK II when processing corrupted BMP files. An unprivileged user with local access to the system could exploit this flaw to potentially cause a denial of service or escalate privileges. The vulnerability underscores the need for secure handling of BMP files within the EDK II framework.

Affected Version(s)

Extensible Firmware Interface Development Kit (EDK II)

CVSS V3.1

Score: 6
Severity: MEDIUM
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Local
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
