{ "name": "CVE-2018-9473", "CVE": [ [ "CVE-2018-9473", "Bulletin-CVE-2018-9473" ] ], "Coordinated_disclosure": "unknown", "Categories": [ "Media framework" ], "Details": [ [ "In ihevcd_parse_sei_payload of ihevcd_parse_headers.c, there is a possible out-of-bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-8.0 Android ID: A-65484460", "NIST-CVE-2018-9473" ] ], "Discovered_on": [], "Discovered_by": [ [ "Niky1235 (@jiych_guru)", "Discovery-CVE-2018-9473" ] ], "Submission": [ { "by": "dcc52", "on": "2019-07-25" } ], "Reported_on": [ [ "2018-10-01", "Bulletin-CVE-2018-9473" ] ], "Fixed_on": [ [ "2017-08-29", "A-65484460" ] ], "Fix_released_on": [ [ "2018-10-05", "Bulletin-CVE-2018-9473" ] ], "Affected_versions": [ [ "8.0", "Bulletin-CVE-2018-9473" ] ], "Affected_devices": [], "Affected_versions_regexp": [ "(8\\.0\\.[0-9])" ], "Affected_manufacturers": [ [ "all", "Bulletin-CVE-2018-9473" ] ], "Fixed_versions": [ [ "8.0", "Bulletin-CVE-2018-9473" ] ], "Fixed_versions_regexp": [ "(8\\.0\\.[0-9])" ], "references": { "A-65484460": { "url": "https://android.googlesource.com/platform/external/libhevc/+/9f0fb67540d2259e4930d9bd5f1a1a6fb95af862" }, "NIST-CVE-2018-9473": { "url": "https://nvd.nist.gov/vuln/data-feeds" }, "Bulletin-CVE-2018-9473": { "url": "https://source.android.com/security/bulletin/2018-10-01.html" }, "Discovery-CVE-2018-9473": { "url": "https://source.android.com/security/overview/acknowledgements" } }, "Surface": [ "remote" ], "Vector": [ "memory-corruption" ], "Target": [ "system-component" ], "Channel": [ "file-placement" ], "Condition": [ "file-placed-onto-device" ], "Privilege": [ "root" ], "CWE": [ [ "CWE-190", "NIST-CVE-2018-9473" ] ] }