35. Stack Overflow on Corrupted BMP
Description:
A stack overflow when handling a corrupted BMP in EDK II may allow an unprivileged user to potentially enable denial of service or elevation of privilege via local access.
Impact:
Denial of Service or Elevation of Privilege
Severity:
7.4 High (CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:N/I:H/A:H)
Recommendation:
EDK II Commits:
https://github.com/tianocore/edk2/commit/89910a39dcfd788057caa5d88b7e76e112d187b5
https://github.com/tianocore/edk2/commit/ffe5f7a6b4e978dffbe1df228963adc914451106
Patch:
Acknowledgments:
Intel Team
References:
CVE-2018-12181
EDK II Bugzilla #1135