Out-of-bounds Write in edk2 | CVE-2018-12181

Q: How to fix?

Upgrade Debian:unstable edk2 to version 0~20181115.85588389-3 or higher.

Threat Intelligence

0.16% (38^th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk IDSNYK-DEBIANUNSTABLE-EDK2-340155
published11 Mar 2019
disclosed27 Mar 2019

Report a new vulnerability Found a mistake?

Introduced: 11 Mar 2019

CVE-2018-12181 (opens in a new tab) CWE-787 (opens in a new tab)

How to fix?

Upgrade Debian:unstable edk2 to version 0~20181115.85588389-3 or higher.

NVD Description

Note: Versions mentioned in the description apply only to the upstream edk2 package and not the edk2 package as distributed by Debian. See How to fix? for Debian:unstable relevant fixed versions and status.

Stack overflow in corrupted bmp for EDK II may allow unprivileged user to potentially enable denial of service or elevation of privilege via local access.

References

https://security-tracker.debian.org/tracker/CVE-2018-12181
https://edk2-docs.gitbooks.io/security-advisory/content/stack-overflow-on-corrupted-bmp.html
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03912en_us
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4ABTDKZK2G5XP6JCO3HXMPOA2NRTIYDZ/
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00030.html
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00048.html
https://access.redhat.com/errata/RHSA-2019:2125
https://access.redhat.com/errata/RHSA-2019:3338
https://usn.ubuntu.com/4349-1/
http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-12181
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ABTDKZK2G5XP6JCO3HXMPOA2NRTIYDZ/

Out-of-bounds Write Affecting edk2 package, versions <0~20181115.85588389-3

Severity