{"api_version":"1","generated_at":"2026-06-10T06:18:19+00:00","cve":"CVE-2018-9536","urls":{"html":"https://cve.report/CVE-2018-9536","api":"https://cve.report/api/cve/CVE-2018-9536.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2018-9536","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2018-9536"},"summary":{"title":"CVE-2018-9536","description":"In numerous functions of libFDK, there are possible out of bounds writes due to incorrect bounds checks. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112662184","state":"PUBLIC","assigner":"security@android.com","published_at":"2018-11-14 18:29:00","updated_at":"2018-12-14 14:14:00"},"problem_types":["CWE-787"],"metrics":[],"references":[{"url":"https://source.android.com/security/bulletin/2018-11-01","name":"https://source.android.com/security/bulletin/2018-11-01","refsource":"CONFIRM","tags":["Vendor Advisory"],"title":"Android Security Bulletin—November 2018  |  Android Open Source Project","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/105865","name":"105865","refsource":"BID","tags":["Third Party Advisory","VDB Entry"],"title":"Google Android Media Framework Component Multiple Security Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2018-9536","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-9536","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2018","cve_id":"9536","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"google","cpe5":"android","cpe6":"9.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"9536","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"google","cpe5":"android","cpe6":"9.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"security@android.com","ID":"CVE-2018-9536","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Android","version":{"version_data":[{"version_value":"Android-9"}]}}]},"vendor_name":"Google Inc."}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"In numerous functions of libFDK, there are possible out of bounds writes due to incorrect bounds checks. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112662184"}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Elevation of privilege"}]}]},"references":{"reference_data":[{"name":"105865","refsource":"BID","url":"http://www.securityfocus.com/bid/105865"},{"name":"https://source.android.com/security/bulletin/2018-11-01","refsource":"CONFIRM","url":"https://source.android.com/security/bulletin/2018-11-01"}]}},"nvd":{"publishedDate":"2018-11-14 18:29:00","lastModifiedDate":"2018-12-14 14:14:00","problem_types":["CWE-787"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:C/I:C/A:C","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE","baseScore":9.3},"severity":"HIGH","exploitabilityScore":8.6,"impactScore":10,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:google:android:9.0:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2018","CveId":"9536","Ordinal":"125950","Title":"CVE-2018-9536","CVE":"CVE-2018-9536","Year":"2018"},"notes":[{"CveYear":"2018","CveId":"9536","Ordinal":"1","NoteData":"In numerous functions of libFDK, there are possible out of bounds writes due to incorrect bounds checks. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112662184","Type":"Description","Title":null},{"CveYear":"2018","CveId":"9536","Ordinal":"2","NoteData":"2018-11-14","Type":"Other","Title":"Published"},{"CveYear":"2018","CveId":"9536","Ordinal":"3","NoteData":"2018-11-15","Type":"Other","Title":"Modified"}]}}}