Possible Out of Bounds Read in FontUtils.cpp Could Lead to Local Information Disclosure
CVE-2018-9410

5.5MEDIUM

Key Information:

Vendor: Google
Status: Android
Vendor: CVE Published:; 19 November 2024

What is CVE-2018-9410?

The vulnerability identified in the FontUtils component of the Android operating system allows for a potential out of bounds read due to a missing bounds check within the analyzeAxes function. This issue enables attackers to gain unauthorized access to sensitive information, as it permits local information disclosure without requiring any additional execution privileges or user interaction. As a result, systems running the affected versions of Android may face security risks that can be exploited by malicious entities.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Android 8

Android 8.1.0

References

https://source.android.com/security/bulletin/2018-07-01

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 19, 2024
Vulnerability Reserved
Apr 5, 2018

JSON

Google