CVE-2018-12152: Buffer Overflow

Published Oct 10, 2018
·
Updated

Graphics. Multiple memory corruption issues were addressed with improved input validation.

Other sources

Pointer corruption in Unified Shader Compiler in Intel Graphics Drivers before 10.18.x.5056 (aka 15.33.x.5056), 10.18.x.5057 (aka 15.36.x.5057) and 20.19.x.5058 (aka 15.40.x.5058) may allow an unauthenticated remote user to potentially execute arbitrary WebGL code via local access.

Credit

Piotr Bania(Cisco Talos)

Affected Software

17 affected componentsFixes available
Intel Graphics Drivers for Windows=15.33.43.4425
Intel Graphics Drivers for Windows=15.33.45.4653
Intel Graphics Drivers for Windows=15.33.46.4885
Intel Graphics Drivers for Windows=15.33.47.5059
Intel Graphics Drivers for Windows=15.36.26.4294
Intel Graphics Drivers for Windows=15.36.28.4332
Intel Graphics Drivers for Windows=15.36.31.4414
Intel Graphics Drivers for Windows=15.36.33.4578
Intel Graphics Drivers for Windows=15.36.34.4889
Intel Graphics Drivers for Windows=15.36.35.5057
Intel Graphics Drivers for Windows=15.40.34.4624
Intel Graphics Drivers for Windows=15.40.36.4703
Intel Graphics Drivers for Windows=15.40.37.4835
Intel Graphics Drivers for Windows=15.40.38.4963
Intel Graphics Drivers for Windows=15.40.41.5058
macOS Catalina<10.15.1
10.15.1
macOS Catalina<10.15
10.15

Event History

Oct 10, 2018
CVE Published
via MITRE·06:00 PM
Data Sourced
via MITRE·06:00 PM
DescriptionWeakness

Parent advisories

This vulnerability appears in the following advisories.

Peer vulnerabilities

Found alongside the following vulnerabilities.

Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Frequently Asked Questions

1

What is the vulnerability ID of this issue?

The vulnerability ID is CVE-2018-12152.

2

What is the severity level of CVE-2018-12152?

The severity level of CVE-2018-12152 is high with a score of 7.8.

3

Which software versions are affected by CVE-2018-12152?

The affected software versions include Intel Graphics Driver versions 15.33.43.4425, 15.33.45.4653, 15.33.46.4885, 15.33.47.5059, 15.36.26.4294, 15.36.28.4332, 15.36.31.4414, 15.36.33.4578, 15.36.34.4889, 15.36.35.5057, 15.40.34.4624, 15.40.36.4703, 15.40.37.4835, 15.40.38.4963, and 15.40.41.5058, as well as Apple macOS Catalina up to version 10.15.1.

4

How can an unauthenticated remote user potentially exploit CVE-2018-12152?

An unauthenticated remote user may potentially execute arbitrary WebGL code via local access due to pointer corruption in the Unified Shader Compiler in Intel Graphics Drivers.

5

Where can I find more information about CVE-2018-12152?

You can find more information about CVE-2018-12152 on the following references: [Support.apple.com](https://support.apple.com/en-us/HT210722), [Seclists.org (Full Disclosure)](http://seclists.org/fulldisclosure/2019/Oct/55), [Seclists.org (Full Disclosure)](http://seclists.org/fulldisclosure/2019/Oct/56).

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203