CVE-2018-5146

 

Published at: - 11-06-2018 11:29

Last modified: - 24-09-2022 03:03

Total changes: - 2

Description

An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest. This vulnerability affects Firefox < 59.0.1, Firefox ESR < 52.7.2, and Thunderbird < 52.7.

Common Vulnerability Scoring System (CVSS)

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

 

Verification logic

 

Reference

• https://www.mozilla.org/security/advisories/mfsa2018-09/
• https://www.mozilla.org/security/advisories/mfsa2018-08/
• https://bugzilla.mozilla.org/show_bug.cgi?id=1446062
• DSA-4155-Third Party Advisory
• DSA-4143-Third Party Advisory
• DSA-4140-Third Party Advisory
• USN-3604-1-Third Party Advisory
• USN-3599-1-Third Party Advisory
• USN-3545-1-Third Party Advisory
• [debian-lts-announce] 20180430 [SECURITY] [DLA 1368-1] libvorbis security update-Mailing List, Third Party Advisory
• [debian-lts-announce] 20180329 [SECURITY] [DLA 1327-1] thunderbird security update-Mailing List, Third Party Advisory
• [debian-lts-announce] 20180326 [SECURITY] [DLA 1319-1] firefox-esr security update-Mailing List, Third Party Advisory
• RHSA-2018:1058-Third Party Advisory
• RHSA-2018:0649-Third Party Advisory
• RHSA-2018:0648-Third Party Advisory
• RHSA-2018:0647-Third Party Advisory
• RHSA-2018:0549-Third Party Advisory
• 1040544-Third Party Advisory, VDB Entry
• 103432-Third Party Advisory, VDB Entry
• GLSA-201811-13-Third Party Advisory

 

Keywords

NVD

 

CVE-2018-5146

 

CVE

 

Common vulnerabilities & exposures

 

CVSS

 

Common vulnerability scoring system

 

Security

 

Vulnerabilities

 

Exposures