CVE-2018-5095

Summary

An integer overflow vulnerability in the Skia library when allocating memory for edge builders on some systems with at least 8 GB of RAM. This results in the use of uninitialized memory, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58.

Affected Software

VendorProductVersion RangeStatus
MozillaThunderbirdunspecified < 52.6affected
MozillaFirefox ESRunspecified < 52.6affected
MozillaFirefoxunspecified < 58affected

Weaknesses

  • Integer overflow in Skia library during edge builder allocation

ADP Enrichment

CVE Program Container

Additional References

References