The issue exists due to incorrect integer truncation when copying large integers. This could allow for out of bounds write if an application relies on the length of an input. There is also a possible information leak due to incorrect bounds checking. This could be exploited via a malicious application that can cause a different application to leak information. User interaction is required. CVE-2018-4419 occurs due to incorrect integer truncation when copying large integers. This could allow for an out of bounds write if an application relies on the length of an input. There is also a possible information leak due to incorrect bounds checking. This could be exploited via a malicious application that can cause a different application to leak information. User interaction is required. CVE-2018-4420 occurs due to incorrect integer truncation when copying large integers. This could allow for an out of bounds write if an application relies on the length of an input. There is also a possible information leak due to incorrect bounds checking. This could be exploited via a malicious application that can cause a different application to leak information. User interaction is required. CVE-2018-4421 occurs due to incorrect integer truncation when copying large integers. This could allow for an out of bounds write if an application relies on the length of an input. There is also a possible information leak due to incorrect bounds checking

References

- The Common Vulnerabilities and Exposures project: CVE-2018-4421
- The Common Vulnerabilities and Exposures project: CVE-2018-4419
- The Common Vulnerabilities and Exposures project: CVE-2018-4420

Vulnerability Scenario

An attacker could exploit one of the above vulnerabilities by causing an application to leak information. A malicious application could also exploit one of the above vulnerabilities by causing another application to leak information.

Timeline

Published on: 11/08/2022 22:15:00 UTC
Last modified on: 11/09/2022 16:29:00 UTC

References