CVE-2018-18335

Name	CVE-2018-18335
Description	Heap buffer overflow in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
References	DSA-4352-1
Debian Bugs	818180

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
chromium (PTS)	stretch (security), stretch (lts), stretch	73.0.3683.75-1~deb9u1	fixed
	buster, buster (security)	90.0.4430.212-1~deb10u1	fixed
	bullseye	108.0.5359.94-1~deb11u1	fixed
	bullseye (security)	111.0.5563.110-1~deb11u1	fixed
	bookworm	111.0.5563.64-1	fixed
	sid	111.0.5563.110-1	fixed
chromium-browser (PTS)	stretch (security), stretch (lts), stretch	71.0.3578.80-1~deb9u1	fixed
firefox-esr (PTS)	jessie, jessie (lts)	68.9.0esr-1~deb8u2	fixed
	stretch (security), stretch (lts), stretch	91.11.0esr-1~deb9u1	fixed
	buster	91.12.0esr-1~deb10u1	fixed
	buster (security)	102.9.0esr-1~deb10u1	fixed
	bullseye	91.13.0esr-1~deb11u1	fixed
	bullseye (security)	102.9.0esr-1~deb11u1	fixed
	sid, bookworm	102.9.0esr-2	fixed
thunderbird (PTS)	jessie, jessie (lts)	1:68.9.0-1~deb8u2	fixed
	stretch (security), stretch (lts), stretch	1:91.10.0-1~deb9u1	fixed
	buster	1:91.12.0-1~deb10u1	fixed
	buster (security)	1:102.9.0-1~deb10u1	fixed
	bullseye	1:91.13.0-1~deb11u1	fixed
	bullseye (security)	1:102.9.0-1~deb11u1	fixed
	sid, bookworm	1:102.9.0-1	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Origin	Debian Bugs
chromium	source	(unstable)	71.0.3578.80-1
chromium-browser	source	stretch	71.0.3578.80-1~deb9u1	DSA-4352-1
firefox-esr	source	(unstable)	(not affected)
skia	ITP				818180
thunderbird	source	(unstable)	(not affected)

Notes

- firefox-esr <not-affected> (Only affects MacOS specific which had Canvas 2D acceleration enabled)
- thunderbird <not-affected> (Only affects MacOS specific which had Canvas 2D acceleration enabled)
https://www.mozilla.org/en-US/security/advisories/mfsa2019-05/#CVE-2018-18335
https://www.mozilla.org/en-US/security/advisories/mfsa2019-06/#CVE-2018-18335