Vulnerability CVE-2019-8518

Vulnerability Name:

CVE-2019-8518 (CCN-158583)

Assigned:

2019-03-25

Published:

2019-03-25

Updated:

2020-08-24

Summary:

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution.

CVSS v3 Severity:

8.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
7.7 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): Required
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

6.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L)
5.5 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): Required
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

6.3 Medium (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L)
5.5 Medium (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): Required
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

6.5 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

CWE-787
CWE-94

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2019-8518

Source: XF
Type: UNKNOWN
apple-safari-cve20198518-code-exec(158583)

Source: CCN
Type: Apple security document HT209601
About the security content of tvOS 12.2

Source: CCN
Type: Apple security document HT209602
About the security content of watchOS 5.2

Source: CCN
Type: Apple security document HT209603
About the security content of Safari 12.1

Source: CCN
Type: Apple security document HT209604
About the security content of iTunes 12.9.4 for Windows

Source: MISC
Type: Vendor Advisory
https://support.apple.com/HT209599

Source: MISC
Type: Vendor Advisory
https://support.apple.com/HT209601

Source: MISC
Type: Vendor Advisory
https://support.apple.com/HT209602

Source: MISC
Type: Vendor Advisory
https://support.apple.com/HT209603

Source: MISC
Type: Vendor Advisory
https://support.apple.com/HT209604

Source: MISC
Type: Vendor Advisory
https://support.apple.com/HT209605

Vulnerable Configuration:

Configuration 1:

cpe:/a:apple:icloud:*:*:*:*:*:windows:*:* (Version < 7.11)

OR cpe:/a:apple:itunes:*:*:*:*:*:windows:*:* (Version < 12.9.4)

OR cpe:/a:apple:safari:*:*:*:*:*:*:*:* (Version < 12.1)

OR cpe:/o:apple:iphone_os:*:*:*:*:*:*:*:* (Version < 12.2)

OR cpe:/o:apple:tvos:*:*:*:*:*:*:*:* (Version < 12.2)

OR cpe:/o:apple:watchos:*:*:*:*:*:*:*:* (Version < 5.2)

Configuration RedHat 1:

cpe:/o:redhat:enterprise_linux:7:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/o:redhat:enterprise_linux:7::client:*:*:*:*:*

Configuration RedHat 3:

cpe:/o:redhat:enterprise_linux:7::computenode:*:*:*:*:*

Configuration RedHat 4:

cpe:/o:redhat:enterprise_linux:7::server:*:*:*:*:*

Configuration RedHat 5:

cpe:/o:redhat:enterprise_linux:7::workstation:*:*:*:*:*

Configuration RedHat 6:

cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 7:

cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:*

Configuration RedHat 8:

cpe:/a:redhat:enterprise_linux:8::crb:*:*:*:*:*

Configuration RedHat 9:

cpe:/o:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 10:

cpe:/o:redhat:enterprise_linux:8::baseos:*:*:*:*:*

Configuration CCN 1:

cpe:/a:apple:safari:12.0.3:*:*:*:*:*:*:*

AND

cpe:/o:apple:macos_sierra:10.12.6:*:*:*:*:*:*:*

OR cpe:/o:apple:macos_high_sierra:10.13.6:*:*:*:*:*:*:*

OR cpe:/o:apple:tvos:12.1.1:*:*:*:*:*:*:*

OR cpe:/o:apple:macos_mojave:10.14.4:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20198518	V	CVE-2019-8518	2023-06-22
oval:org.opensuse.security:def:8033	P	libjavascriptcoregtk-5_0-0-2.38.6-150400.4.39.1 on GA media (Moderate)	2023-06-20
oval:org.opensuse.security:def:7603	P	libjavascriptcoregtk-4_0-18-2.38.6-150400.4.39.1 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:7941	P	libjavascriptcoregtk-4_1-0-2.38.6-150400.4.39.1 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:738	P	Security update for webkit2gtk3 (Important)	2022-09-07
oval:org.opensuse.security:def:3320	P	pam_yubico-2.26-1.25 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3401	P	xen-4.12.1_06-1.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3174	P	libgc1-7.2d-5.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3018	P	augeas-1.10.1-2.6 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3162	P	libcdio14-0.90-6.3.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:95031	P	libjavascriptcoregtk-5_0-0-2.36.0-150400.2.12 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:94648	P	libjavascriptcoregtk-4_0-18-2.36.0-150400.2.13 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:94950	P	libjavascriptcoregtk-4_1-0-2.36.0-150400.2.13 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:144	P	libjavascriptcoregtk-4_0-18-2.32.0-3.15.1 on GA media (Moderate)	2022-06-13
oval:org.opensuse.security:def:1073	P	Security update for tiff (Important)	2022-05-30
oval:org.opensuse.security:def:1296	P	Security update for the Linux Kernel (Live Patch 9 for SLE 15 SP3) (Important)	2022-03-29
oval:org.opensuse.security:def:112660	P	libjavascriptcoregtk-4_0-18-2.32.4-1.1 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:70035	P	Security update for libsndfile (Important)	2022-01-11
oval:org.opensuse.security:def:49125	P	Security update for sles12sp2-docker-image (Important)	2021-12-13
oval:org.opensuse.security:def:49301	P	Security update for python-Pygments (Important)	2021-11-29
oval:org.opensuse.security:def:49455	P	Security update for php74 (Moderate)	2021-11-18
oval:org.opensuse.security:def:1277	P	Security update for the Linux Kernel (Important)	2021-11-16
oval:org.opensuse.security:def:1744	P	Security update for the Linux Kernel (Important)	2021-11-16
oval:org.opensuse.security:def:106141	P	libjavascriptcoregtk-4_0-18-2.32.4-1.1 on GA media (Moderate)	2021-10-01
oval:org.opensuse.security:def:1633	P	Security update for linuxptp (Moderate)	2021-09-23
oval:org.opensuse.security:def:69725	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:47828	P	minicom-2.7-3.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48274	P	powerpc-utils-1.3.7-5.6.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47949	P	apache2-2.4.23-29.43.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47814	P	libxml2-2-2.9.4-46.15.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47813	P	libxerces-c-3_1-3.1.1-12.3 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48142	P	libldb1-1.5.4-1.28 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:2000	P	cyrus-sasl-bdb-2.1.27-2.2 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:2433	P	tiff-4.0.9-5.30.28 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:2006	P	libncurses5-32bit-6.1-5.6.2 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:2033	P	aws-cli-1.18.117-8.11.1 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:2035	P	google-compute-engine-oslogin-20190801-4.38.1 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:62162	P	libjavascriptcoregtk-4_0-18-2.32.0-3.15.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:101239	P	typelib-1_0-JavaScriptCore-4_0-2.32.0-3.15.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:1934	P	libtidy-devel-5.4.0-3.2.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:72552	P	typelib-1_0-JavaScriptCore-4_0-2.32.0-3.15.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:62833	P	typelib-1_0-JavaScriptCore-4_0-2.32.0-3.15.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:100817	P	dbus-1-1.12.2-8.3.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:71903	P	libjavascriptcoregtk-4_0-18-2.32.0-3.15.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:100920	P	libjavascriptcoregtk-4_0-18-2.32.0-3.15.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:49447	P	Security update for php72 (Important)	2021-08-06
oval:org.opensuse.security:def:48495	P	libgcrypt20-1.6.1-16.33.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48514	P	libksba8-1.3.0-23.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48835	P	gegl-0_2-0.2.0-14.3 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48939	P	libpcsclite1-32bit-1.8.10-7.3.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:2443	P	dia-0.97.3-2.32 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48951	P	libvdpau1-32bit-1.1.1-6.73 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:1978	P	pam-modules-12.1-3.17 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48874	P	libuuid-devel-2.29.2-2.3 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48512	P	libjpeg-turbo-1.3.1-30.3 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48950	P	libuuid-devel-2.29.2-7.14 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48728	P	kernel-default-extra-3.12.49-11.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:2455	P	libavcodec-devel-3.4.2-2.35 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48969	P	typelib-1_0-EvinceDocument-3_0-3.20.2-6.22.9 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48366	P	apache-commons-daemon-1.0.15-4.181 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48637	P	tomcat-8.0.36-11.4 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:2437	P	NetworkManager-lang-1.10.6-3.16 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48812	P	pidgin-otr-4.0.0-11.6 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48496	P	libgnomesu-2.0.0-353.6.2 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:2469	P	openconnect-7.08-4.26 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48970	P	typelib-1_0-Gtk-2_0-2.24.31-7.11 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:66784	P	Security update for java-1_8_0-openj9 (Moderate)	2021-05-20
oval:org.opensuse.security:def:1989	P	reiserfs-kmp-default-4.12.14-195.1 on GA media (Moderate)	2021-04-29
oval:org.opensuse.security:def:1980	P	gv-3.7.4-1.41 on GA media (Moderate)	2021-04-29
oval:org.opensuse.security:def:1984	P	libncurses5-32bit-6.1-5.3.1 on GA media (Moderate)	2021-04-29
oval:org.opensuse.security:def:51545	P	Security update for the Linux Kernel (Live Patch 37 for SLE 12 SP3) (Important)	2021-04-28
oval:org.opensuse.security:def:69830	P	Security update for qemu (Important)	2021-04-16
oval:org.opensuse.security:def:93794	P	(Important)	2021-02-26
oval:org.opensuse.security:def:51607	P	Security update for openssh (Moderate)	2021-01-05
oval:org.opensuse.security:def:66692	P	Security update for the Linux Kernel (Important)	2020-12-08
oval:org.opensuse.security:def:2524	P	enigmail-2.1.5-3.22.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:94104	P	typelib-1_0-JavaScriptCore-4_0-2.28.2-1.11 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:2508	P	libwpd-0_10-10-0.10.2-3.3.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:72441	P	typelib-1_0-JavaScriptCore-4_0-2.28.2-1.11 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:107173	P	libjavascriptcoregtk-4_0-18-2.28.2-1.11 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:2028	P	python-azure-agent-2.2.45-3.6.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:62722	P	typelib-1_0-JavaScriptCore-4_0-2.28.2-1.11 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:2475	P	NetworkManager-applet-1.8.10-3.39 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:49041	P	libvpx1-32bit-1.3.0-3.3.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:100507	P	libjavascriptcoregtk-4_0-18-2.28.2-1.11 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:107483	P	typelib-1_0-JavaScriptCore-4_0-2.28.2-1.11 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:48976	P	bluez-cups-5.13-5.12.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:116731	P	libjavascriptcoregtk-4_0-18-2.28.2-1.11 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:2514	P	Mesa-dri-nouveau-19.3.4-45.31 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:71568	P	libjavascriptcoregtk-4_0-18-2.28.2-1.11 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:1998	P	pam-modules-12.1-3.17 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:61827	P	libjavascriptcoregtk-4_0-18-2.28.2-1.11 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:2484	P	freerdp-2.0.0~rc4-8.4 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:117041	P	typelib-1_0-JavaScriptCore-4_0-2.28.2-1.11 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:2023	P	aws-cli-1.18.38-8.8.2 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:2522	P	colord-gtk-lang-0.1.26-1.48 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:2683	P	Security update for webkit2gtk3 (Important)	2020-12-02
oval:org.opensuse.security:def:2673	P	Security update for libnettle (Moderate)	2020-12-02
oval:org.opensuse.security:def:49940	P	bind on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:51056	P	Security update for buildah (Moderate)	2020-12-01
oval:org.opensuse.security:def:70140	P	typelib-1_0-JavaScriptCore-4_0 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49718	P	typelib-1_0-JavaScriptCore-4_0 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49544	P	libcdio++0 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49545	P	libexempi-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:73047	P	bubblewrap on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49707	P	open-vm-tools-desktop on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:66474	P	libjavascriptcoregtk-4_0-18 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49224	P	libpython3_6m1_0 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49676	P	libmad-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:50371	P	Security update for webkit2gtk3 (Important)	2020-12-01
oval:org.opensuse.security:def:50030	P	rmt-server on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49664	P	libexiv2-26 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:73357	P	buildah on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:50196	P	libntfs-3g87 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49611	P	accountsservice on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:66382	P	emacs on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49702	P	libvpx-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49780	P	cups-ddk on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:50165	P	libvncclient0 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:51118	P	Security update for webkit2gtk3 (Important)	2020-12-01
oval:org.opensuse.security:def:73165	P	libjavascriptcoregtk-4_0-18 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:50317	P	Security update for axis (Moderate)	2020-12-01
oval:org.opensuse.security:def:50100	P	spice-gtk-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49179	P	libjavascriptcoregtk-4_0-18 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49070	P	coreutils on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:50269	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:49096	P	g3utils on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:73475	P	typelib-1_0-JavaScriptCore-4_0 on GA media (Moderate)	2020-12-01
oval:com.ubuntu.disco:def:201985180000000	V	CVE-2019-8518 on Ubuntu 19.04 (disco) - medium.	2019-12-18
oval:com.ubuntu.bionic:def:201985180000000	V	CVE-2019-8518 on Ubuntu 18.04 LTS (bionic) - medium.	2019-12-18
oval:com.ubuntu.xenial:def:201985180000000	V	CVE-2019-8518 on Ubuntu 16.04 LTS (xenial) - medium.	2019-12-18
oval:com.redhat.rhsa:def:20193553	P	RHSA-2019:3553: GNOME security, bug fix, and enhancement update (Low)	2019-11-05
oval:com.redhat.rhba:def:20192261	P	RHBA-2019:2261: webkitgtk4 bug fix update (Moderate)	2019-08-06
oval:com.ubuntu.cosmic:def:20198518000	V	CVE-2019-8518 on Ubuntu 18.10 (cosmic) - medium.	2019-04-11
oval:com.ubuntu.cosmic:def:201985180000000	V	CVE-2019-8518 on Ubuntu 18.10 (cosmic) - medium.	2019-04-11
oval:com.ubuntu.bionic:def:20198518000	V	CVE-2019-8518 on Ubuntu 18.04 LTS (bionic) - medium.	2019-04-11
oval:com.ubuntu.trusty:def:20198518000	V	CVE-2019-8518 on Ubuntu 14.04 LTS (trusty) - medium.	2019-04-11
oval:com.ubuntu.xenial:def:20198518000	V	CVE-2019-8518 on Ubuntu 16.04 LTS (xenial) - medium.	2019-04-11

BACK