CVE-2018-10733

There is a heap-based buffer over-read in the function ft_font_face_hash of gxps-fonts.c in libgxps through 0.3.0. A crafted input will lead to a remote denial of service attack.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.5 MEDIUM
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 73%
VendorProductVersion
gnomelibgxps
𝑥
≤ 0.3.0
redhatansible_tower
3.3
redhatenterprise_linux_desktop
7.0
redhatenterprise_linux_server
7.0
redhatenterprise_linux_workstation
7.0
opensuseleap
15.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
libgxps
bullseye
0.3.2-1
fixed
stretch
no-dsa
jessie
no-dsa
wheezy
ignored
bookworm
0.3.2-2
fixed
sid
0.3.2-4
fixed
trixie
0.3.2-4
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
libgxps
noble
Fixed 0.3.0-3
released
mantic
Fixed 0.3.0-3
released
lunar
Fixed 0.3.0-3
released
kinetic
Fixed 0.3.0-3
released
jammy
Fixed 0.3.0-3
released
impish
Fixed 0.3.0-3
released
hirsute
Fixed 0.3.0-3
released
groovy
Fixed 0.3.0-3
released
focal
Fixed 0.3.0-3
released
eoan
Fixed 0.3.0-3
released
disco
Fixed 0.3.0-3
released
cosmic
Fixed 0.3.0-3
released
bionic
needed
artful
ignored
xenial
needed
trusty
dne
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00005.html
https://access.redhat.com/errata/RHBA-2019:0327
https://access.redhat.com/errata/RHSA-2018:3140
https://access.redhat.com/errata/RHSA-2018:3505
https://bugzilla.redhat.com/show_bug.cgi?id=1574844
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00005.html
https://access.redhat.com/errata/RHBA-2019:0327
https://access.redhat.com/errata/RHSA-2018:3140
https://access.redhat.com/errata/RHSA-2018:3505
https://bugzilla.redhat.com/show_bug.cgi?id=1574844