CVE-2018-9521

2018-11-1418:00:00

google_android

www.cve.org

AI Score

8.8

Confidence

High

EPSS

0.001

Percentile

48.0%

JSON

In parseMPEGCCData of NuPlayer2CCDecoder.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-111874331

CNA Affected

[
  {
    "product": "Android",
    "vendor": "Google Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "Android-9"
      }
    ]
  }
]

References

www.securityfocus.com/bid/105865

source.android.com/security/bulletin/2018-11-01