CVE-2018-10112

An issue was discovered in GEGL through 0.3.32. The gegl_tile_backend_swap_constructed function in buffer/gegl-tile-backend-swap.c allows remote attackers to cause a denial of service (write access violation) or possibly have unspecified other impact via a malformed PNG file that is mishandled during a call to the babl_format_get_bytes_per_pixel function in babl-format.c in babl 0.1.46.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 59%
VendorProductVersion
geglgegl
𝑥
≤ 0.3.32
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
gegl
bullseye
ignored
bookworm
ignored
buster
ignored
stretch
ignored
jessie
no-dsa
wheezy
no-dsa
trixie
vulnerable
sid
vulnerable
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
gegl
noble
needed
mantic
ignored
lunar
ignored
kinetic
ignored
jammy
needed
impish
ignored
hirsute
ignored
groovy
ignored
focal
needed
eoan
ignored
disco
ignored
cosmic
ignored
bionic
needed
artful
ignored
xenial
needed
trusty
dne
Common Weakness Enumeration
References
https://bugzilla.gnome.org/show_bug.cgi?id=795249
https://github.com/xiaoqx/pocs/tree/master/gegl
https://bugzilla.gnome.org/show_bug.cgi?id=795249
https://github.com/xiaoqx/pocs/tree/master/gegl