CVE-2018-9379

In multiple functions of MiniThumbFile.java, there is a possible way to view the thumbnails of deleted photos due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVSS

No CVSS.

References

Link	Resource
https://source.android.com/security/bulletin/pixel/2018-06-01	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:google:android:7.1.2:::::::*
	cpe:2.3:o:google:android:6.0.1:::::::*
	cpe:2.3:o:google:android:6.0:::::::*
	cpe:2.3:o:google:android:7.0:::::::*
	cpe:2.3:o:google:android:8.0:::::::*
	cpe:2.3:o:google:android:7.1.1:::::::*
	cpe:2.3:o:google:android:8.1:::::::*

History

10 Jul 2025, 20:43

Type	Values Removed	Values Added
References	~~() https://source.android.com/security/bulletin/pixel/2018-06-01 -~~	() https://source.android.com/security/bulletin/pixel/2018-06-01 - Patch, Vendor Advisory
CPE		cpe:2.3:o:google:android:6.0.1:::::::* cpe:2.3:o:google:android:7.1.1:::::::* cpe:2.3:o:google:android:7.0:::::::* cpe:2.3:o:google:android:8.1:::::::* cpe:2.3:o:google:android:6.0:::::::* cpe:2.3:o:google:android:8.0:::::::* cpe:2.3:o:google:android:7.1.2:::::::*
First Time		Google android Google

17 Jan 2025, 23:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-01-17 23:15

Updated : 2025-07-10 20:43

NVD link : CVE-2018-9379

Mitre link : CVE-2018-9379

JSON object : View

Products Affected

google

android

CWE

No CWE.

JSON object

Attach tags to CVE-2018-9379

Attach tags to `CVE-2018-9379`