Possible Out of Bound Read in ItemTable.cpp Could Lead to Information Disclosure

CVE-2018-9429

6.5MEDIUM

Key Information

Vendor
Google
Status
Android
Vendor
CVE Published:
2 December 2024

Summary

In buildImageItemsIfPossible of ItemTable.cpp there is a possible out of bound read due to uninitialized data. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.

Affected Version(s)

Android = 8.1

Refferences

https://source.android.com/docs/security/bulletin/pixel/2...

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre Database
.