CVE-2018-9490

HIGH Year: 2018
CVSS v3 Score
7.8
High
CVSS v2 Score
9.3
Critical
Weakness Type
CWE-704
View all →

Vulnerability Description

In CollectValuesOrEntriesImpl of elements.cc, there is possible remote code execution due to type confusion. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-111274046

Related Vulnerabilities

CVE-2014-9627

HIGH
CVSS:7.8(High)

The MP4_ReadBox_String function in modules/demux/mp4/libmp4.c in VideoLAN VLC media player before 2.1.6 performs an incorrect cast operation from a 64-bit integer to a 32-bit integer, which allows rem...

CWE-7042014

CVE-2016-4709

HIGH
CVSS:7.8(High)

WindowServer in Apple OS X before 10.12 allows local users to obtain root access via vectors that leverage "type confusion," a different vulnerability than CVE-2016-4710.

CWE-7042016

CVE-2016-4710

HIGH
CVSS:7.8(High)

WindowServer in Apple OS X before 10.12 allows local users to obtain root access via vectors that leverage "type confusion," a different vulnerability than CVE-2016-4709.

CWE-7042016

CVE-2016-7617

HIGH
CVSS:7.8(High)

An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "Bluetooth" component. It allows attackers to execute arbitrary code in a privileged context...

CWE-7042016

CVE-2016-7655

HIGH
CVSS:7.8(High)

An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. The issue involves the "CoreMedia External Displays" component. It allows local users ...

CWE-7042016

CVE-2016-8602

HIGH
CVSS:7.8(High)

The .sethalftone5 function in psi/zht2.c in Ghostscript before 9.21 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Postscript...

CWE-7042016