CVE-2018-5160

Name
CVE-2018-5160
Description
WebRTC can use a "WrappedI420Buffer" pixel buffer but the owning image object can be freed while it is still in use. This can result in the WebRTC encoder using uninitialized memory, leading to a potentially exploitable crash. This vulnerability affects Firefox < 60.
NVD Severity
medium
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
Vendor Advisory https://www.mozilla.org/security/advisories/mfsa2018-11/
Issue Tracking https://bugzilla.mozilla.org/show_bug.cgi?id=1436117
Third Party Advisory https://usn.ubuntu.com/3645-1/
Third Party Advisory http://www.securitytracker.com/id/1040896
Third Party Advisory http://www.securityfocus.com/bid/104139

Match rules

CPE URI Source package Min version Max version
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:* ubuntu_linux == None == 18.04
cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:* ubuntu_linux == None == 17.10
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:* ubuntu_linux == None == 16.04
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:* ubuntu_linux == None == 14.04

Vulnerable and fixed packages

Source package Branch Version Maintainer Status