CVE-2018-12371: Integer Overflow
First published: Tue Jun 26 2018(Updated: )
An integer overflow vulnerability in the Skia library when allocating memory for edge builders on some systems with at least 16 GB of RAM. This results in the use of uninitialized memory, resulting in a potentially exploitable crash.
Credit: security@mozilla.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Thunderbird | <60 | 60 |
| Firefox | <61.0 | |
| Firefox ESR | <60.1.0 | |
| Thunderbird | <60.0 | |
| Firefox | <61 | 61 |
| Firefox ESR | <60.1 | 60.1 |
| debian/firefox | 135.0.1-1 | |
| debian/thunderbird | 1:115.12.0-1~deb11u1 1:128.7.0esr-1~deb11u1 1:128.5.0esr-1~deb12u1 1:128.7.0esr-1~deb12u1 1:128.7.0esr-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.mozilla.org/show_bug.cgi?id=1465686
- https://www.mozilla.org/en-US/security/advisories/mfsa2018-19/
- https://www.mozilla.org/security/advisories/mfsa2018-15/
- https://www.mozilla.org/security/advisories/mfsa2018-16/
- https://www.mozilla.org/security/advisories/mfsa2018-19/
- https://launchpad.net/bugs/cve/CVE-2018-12371
- https://www.mozilla.org/en-US/security/advisories/mfsa2018-16/
- https://www.mozilla.org/en-US/security/advisories/mfsa2018-15/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12371
- https://nvd.nist.gov/vuln/detail/CVE-2018-12371
- https://security-tracker.debian.org/tracker/CVE-2018-12371
- https://ubuntu.com/security/CVE-2018-12371
- https://www.mozilla.org/en-US/security/advisories/mfsa2018-15/#CVE-2018-12371
- https://www.mozilla.org/en-US/security/advisories/mfsa2018-19/#CVE-2018-12371
- https://www.mozilla.org/en-US/security/advisories/mfsa2018-19/#CVE-2018-5187
Peer vulnerabilities
(Found alongside the following vulnerabilities)
Frequently Asked Questions
What is the severity of CVE-2018-12371?
CVE-2018-12371 is classified as a potentially exploitable vulnerability that could lead to crashes due to integer overflow.
How do I fix CVE-2018-12371?
To fix CVE-2018-12371, update affected software to the latest versions: Thunderbird above 60, Firefox ESR above 60.1, or Firefox above 61.
Which applications are affected by CVE-2018-12371?
Applications affected by CVE-2018-12371 include Mozilla Thunderbird versions up to 60 and Mozilla Firefox versions up to 61.
What causes the vulnerability CVE-2018-12371?
CVE-2018-12371 is caused by an integer overflow during memory allocation in the Skia library specific to systems with at least 16 GB of RAM.
What are the potential impacts of CVE-2018-12371?
The potential impacts of CVE-2018-12371 include the use of uninitialized memory leading to application crashes.
- agent/type
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- agent/remedy
- agent/severity
- agent/weakness
- collector/mitre-cve
- source/MITRE
- collector/usn-cve
- source/Ubuntu
- agent/description
- agent/references
- agent/last-modified-date
- agent/trending
- agent/source
- agent/author
- collector/mozilla-advisory
- agent/software-canonical-lookup-request
- source/Mozilla
- agent/software-canonical-lookup
- collector/nvd-cve
- source/NVD
- collector/nvd-index
- agent/event
- agent/softwarecombine
- agent/tags
- collector/security-tracker-debian
- source/Debian
- vendor/mozilla
- canonical/thunderbird
- canonical/firefox
- canonical/firefox esr
- package-manager/debian