Integer Overflow in Skia Library: Potential Out-of-Bounds Writes

Integer Overflow in Skia Library: Potential Out-of-Bounds Writes

CVE-2018-5159 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

An integer overflow can occur in the Skia library due to 32-bit integer use in an array without integer overflow checks, resulting in possible out-of-bounds writes. This could lead to a potentially exploitable crash triggerable by web content. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8.

Learn more about our Web App Pen Testing.