CVE-2018-9472

CVSS v3 base score: 8.8 HIGH

📋 TL;DR

CVE-2018-9472 is an integer overflow in xmlmemory.c, the memory-allocation wrapper layer of libxml2, as shipped in Android 8.0 and 8.1. The allocation-size arithmetic can wrap, so the buffer that is handed back is smaller than the data subsequently written into it, which gives an out-of-bounds write and potentially remote code execution in the unprivileged process that parses the XML, with no additional privileges required. User interaction (opening attacker-supplied XML) is needed for exploitation.

💻 Affected Systems

Products:
  • Android
Versions: Android 8.0 and 8.1
Operating Systems: Android
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerable code is Android's copy of libxml2, used by system components and by apps that parse XML with the native library. Exploitation needs user interaction, such as opening a malicious XML document received by mail or fetched from a web page.

📦 What is this software?

libxml2 is the C library for parsing and manipulating XML that is used across many operating systems and applications. Android ships its own copy in the platform source tree (external/libxml2) for system components, and apps with native code may link the platform copy or bundle their own.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete device compromise, data theft, or installation of persistent malware.

🟠

Likely Case

Application crash (denial of service) or limited code execution within the vulnerable application's context.

🟢

If Mitigated

No impact if patched or if exploit attempts are blocked by security controls.

🌐 Internet-Facing: MEDIUM - Requires user interaction (opening malicious content) but can be delivered via web or email.
🏢 Internal Only: LOW - Still requires user interaction; less likely to be targeted internally.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires the victim to open attacker-supplied XML (for example a file received by mail or fetched from a web page) in an app or service that parses it with libxml2; no authentication is involved. A public proof-of-concept is reported, so weaponization is likely.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Android Security Patch Level 2018-09-01 or later

Vendor Advisory: https://source.android.com/security/bulletin/2018-09-01

Restart Required: Yes

Instructions:

1. Apply the Android security update with patch level 2018-09-01 or later, as distributed by the device manufacturer or carrier.
2. Install it via system updates (typically Settings > System > Advanced > System update; the exact menu path varies by manufacturer and Android version).
3. Reboot the device after the update and confirm the new patch level under Settings > About phone.

🔧 Temporary Workarounds

Avoid parsing untrusted XML with libxml2

Where an app or service links libxml2 and parses XML from untrusted sources (downloads, mail attachments, content handed over by other apps), stop feeding it untrusted input until the device is patched. Apps that bundle their own copy of libxml2 can rebuild against a fixed version independently of the platform update.

Rely on application sandboxing

Code execution lands in the parsing process with no extra privileges, so keep apps that parse XML running with the minimum permissions they need; this bounds what a successful exploit can reach.

🧯 If You Can't Patch

  • Isolate affected devices from untrusted networks and sources of XML files.
  • Implement mobile device management (MDM) to restrict installation of untrusted apps.

🔍 How to Verify

Check if Vulnerable:

On an Android 8.0 or 8.1 device, open Settings > About phone and read "Android security patch level". A level earlier than 2018-09-01 means the device still carries the vulnerable libxml2.

Check Version:

adb shell getprop ro.build.version.release
adb shell getprop ro.build.version.security_patch

The first command returns the Android release (8.0.0 and 8.1.0 are the listed affected versions); the second returns the security patch level as YYYY-MM-DD.

Verify Fix Applied:

Confirm Android security patch level is 2018-09-01 or later.
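The verification steps above, scripted, as an added example that is not part of the advisory. It compares a patch-level string against the first level carrying the fix (ISO dates compare correctly as integers once the dashes are removed) and, optionally, reads the live values over adb. It assumes adb is installed and the device is authorised for USB debugging; the function names and the serial shown in the usage comment are hypothetical.

```shell
#!/bin/sh
# Added example (not from the advisory): decide whether a security patch level
# carries the CVE-2018-9472 fix, and optionally read the live value over adb.
# Assumes adb is installed and the device is USB-debugging authorised.

FIXED_PATCH_LEVEL="2018-09-01"

# as_number YYYY-MM-DD -> YYYYMMDD (ISO dates compare correctly as integers)
as_number() {
    printf '%s' "$1" | tr -d '-'
}

# is_patched LEVEL -> 0 if LEVEL is on or after the first fixed level,
#                     1 if earlier, 2 if LEVEL is not a YYYY-MM-DD string
is_patched() {
    case "$1" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) echo "unrecognised patch level: '$1'" >&2; return 2 ;;
    esac
    [ "$(as_number "$1")" -ge "$(as_number "$FIXED_PATCH_LEVEL")" ]
}

# check_device [SERIAL] -> prints a verdict for the attached device and returns
# is_patched's status. getprop output carries a trailing CR over adb, so strip it.
check_device() {
    serial_opt=""
    [ -n "$1" ] && serial_opt="-s $1"
    release=$(adb $serial_opt shell getprop ro.build.version.release | tr -d '\r')
    level=$(adb $serial_opt shell getprop ro.build.version.security_patch | tr -d '\r')
    if is_patched "$level"; then
        echo "Android $release, patch level $level: CVE-2018-9472 fix present"
        return 0
    fi
    echo "Android $release, patch level $level: earlier than $FIXED_PATCH_LEVEL, VULNERABLE"
    return 1
}

# Usage: check_device             (single attached device)
#        check_device ZX1G22ABCD  (hypothetical serial, when several are attached)
```

The pattern check matters on fleets: some OEM builds report an empty or non-date string for ro.build.version.security_patch, and a bare numeric compare would silently treat those as patched.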

📡 Detection & Monitoring

Log Indicators:

  • Native crash tombstones in logcat (lines from the DEBUG daemon reporting SIGSEGV or SIGABRT) in apps or system processes that parse XML, especially when libxml2.so appears in the backtrace; repeated crashes of the same process shortly after it handles an externally supplied file.
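The log indicator above, turned into a check, as an added example that is not part of the advisory. It scans logcat text for crash records from the DEBUG daemon and counts those whose backtrace contains a libxml2.so frame. The sample log lines are constructed for this example (process names, addresses and paths are made up), not a real capture, and the function name is hypothetical.

```shell
#!/bin/sh
# Added example (not from the advisory): flag native crashes in logcat whose
# backtrace passes through libxml2.so, a useful signal for attempts to trigger
# this bug. SAMPLE_LOG below is constructed for this example, not a real capture.

SAMPLE_LOG='10-02 11:31:08.120  1234  1234 F DEBUG   : signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x7f2a10
10-02 11:31:08.121  1234  1234 F DEBUG   :     #00 pc 000000000003a5c4  /system/lib64/libxml2.so
10-02 11:31:08.121  1234  1234 F DEBUG   :     #01 pc 000000000001c0f0  /system/lib64/libxml2.so
10-02 11:31:08.122  1234  1234 F DEBUG   :     #02 pc 00000000000456a0  /data/app/com.example.viewer-1/lib/arm64/libviewer.so
10-02 11:32:40.004  2222  2222 I ActivityManager: Displayed com.example.other/.MainActivity
10-02 11:33:01.500  3333  3333 F DEBUG   : signal 6 (SIGABRT), code -6 (SI_TKILL), fault addr --------
10-02 11:33:01.501  3333  3333 F DEBUG   :     #00 pc 0000000000070ab0  /system/lib64/libc.so (abort+112)'

# count_libxml2_crashes: reads logcat text on stdin, reports each crash whose
# backtrace contains a libxml2.so frame on stderr, and prints the count on stdout.
count_libxml2_crashes() {
    awk '
        # a "signal N (SIGxxx)" line from the DEBUG daemon opens a new crash record
        /F DEBUG .*signal [0-9]+ \(SIG/ { in_crash = 1; hit = 0; stamp = $1 " " $2; next }
        # backtrace frames look like "#NN pc <addr> <path>"; count the first libxml2.so frame once
        in_crash && /F DEBUG .*#[0-9]+ pc / {
            if (!hit && $0 ~ /\/libxml2\.so/) {
                hit = 1; n++
                print "libxml2.so crash at " stamp ": " $0 | "cat 1>&2"
            }
            next
        }
        # any line not from the DEBUG daemon ends the current record
        in_crash && !/F DEBUG/ { in_crash = 0 }
        END { print n + 0 }
    '
}

# Live use:  adb logcat -d | count_libxml2_crashes
# Demo on the constructed sample:
#   printf "%s\n" "$SAMPLE_LOG" | count_libxml2_crashes
```

On the sample this reports the SIGSEGV record (two libxml2.so frames, counted once) and ignores the SIGABRT in libc.so. A count above zero is a lead, not proof of exploitation: a fuzzed or simply malformed document can crash the same code path.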

Network Indicators:

  • XML documents fetched from untrusted hosts or received as mail attachments, followed by new outbound connections from the app or process that parsed them.

SIEM Query:

Not typically applicable for mobile devices; monitor for anomalies in mobile threat defense solutions.

🔗 References

  • Android Security Bulletin, September 2018: https://source.android.com/security/bulletin/2018-09-01
  • NVD entry for CVE-2018-9472: https://nvd.nist.gov/vuln/detail/CVE-2018-9472
