Out-of-Bounds Write Vulnerability in Wine Product by WineHQ
CVE-2018-12933

9.8CRITICAL

Key Information:

Vendor

Winehq

Status
Wine
Vendor
CVE Published:
28 June 2018

What is CVE-2018-12933?

The PlayEnhMetaFileRecord function in Wine 3.7 is vulnerable to an out-of-bounds write issue that can be exploited by attackers. By manipulating the pCreatePen->ihPen array index, attackers may initiate a denial of service, causing unexpected behavior or crashes in the application. This vulnerability underscores the importance of updating to secure versions and implementing proper security measures.

References

https://source.winehq.org/git/wine.git/commit/b6da3547d89...
x_refsource_MISC
https://bugs.winehq.org/show_bug.cgi?id=45106
x_refsource_MISC
https://bugs.winehq.org/attachment.cgi?id=61285
x_refsource_MISC

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability Reserved

  • Vulnerability published

.