CVE-2018-12371
8.8
HIGH
CVSS 3.1
EPSS 0.50%
Description
An integer overflow vulnerability in the Skia library when allocating memory for edge builders on some systems with at least 16 GB of RAM. This results in the use of uninitialized memory, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR < 60.1, Thunderbird < 60, and Firefox < 61.
How to fix CVE-2018-12371
To remediate CVE-2018-12371, upgrade the affected package to a fixed version listed below.
- Debian/thunderbird: upgrade to 1:60.0-1 or later
Is CVE-2018-12371 being exploited?
Low — EPSS is 0.5%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 1:60.0-1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 8.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |