vulnerability

Oracle Linux: CVE-2018-12181: ELSA-2019-4668: edk2 security update (IMPORTANT) (Multiple Advisories)

Severity
5
CVSS
(AV:L/AC:L/Au:N/C:P/I:P/A:P)
Published
Mar 7, 2019
Added
Jun 7, 2019
Modified
Jan 7, 2025

Description

Stack overflow in corrupted bmp for EDK II may allow unprivileged user to potentially enable denial of service or elevation of privilege via local access.
A stack-based buffer overflow was discovered in edk2 when the HII database contains a Bitmap that claims to be 4-bit or 8-bit per pixel, but the palette contains more than 16(2^4) or 256(2^8) colors.

Solution(s)

oracle-linux-upgrade-aavmforacle-linux-upgrade-edk2-aarch64oracle-linux-upgrade-edk2-ovmforacle-linux-upgrade-ovmf
Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.