CVE-2018-10114

An issue was discovered in GEGL through 0.3.32. The gegl_buffer_iterate_read_simple function in buffer/gegl-buffer-access.c allows remote attackers to cause a denial of service (write access violation) or possibly have unspecified other impact via a malformed PPM file, related to improper restrictions on memory allocation in the ppm_load_read_header function in operations/external/ppm-load.c.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 59%
VendorProductVersion
geglgegl
𝑥
≤ 0.3.32
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
gegl
bullseye
1:0.4.26-2
fixed
stretch
no-dsa
jessie
no-dsa
wheezy
no-dsa
bookworm
1:0.4.42-2
fixed
trixie
1:0.4.48-2.5
fixed
sid
1:0.4.50-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
gegl
noble
needed
mantic
ignored
lunar
ignored
kinetic
ignored
jammy
needed
impish
ignored
hirsute
ignored
groovy
ignored
focal
needed
eoan
ignored
disco
ignored
cosmic
ignored
bionic
needed
artful
ignored
xenial
needed
trusty
dne
Common Weakness Enumeration
References
https://bugzilla.gnome.org/show_bug.cgi?id=795248
https://github.com/xiaoqx/pocs/tree/master/gegl
https://bugzilla.gnome.org/show_bug.cgi?id=795248
https://github.com/xiaoqx/pocs/tree/master/gegl