CVE-2018-10111 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Gegl

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer8 documents6 sources

Severity

7.5HIGHNVD

EPSS

0.4%

top 40.45%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gegl Debian Gegl

Timeline

PublishedApr 16

Latest updateMay 14

Description

An issue was discovered in GEGL through 0.3.32. The render_rectangle function in process/gegl-processor.c has unbounded memory allocation, leading to a denial of service (application crash) upon allocation failure.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶NVDgegl/gegl0.3.32

▶debiandebian/gegl

🔴Vulnerability Details

GHSA

GHSA-hgwq-xhxh-fqj5: An issue was discovered in GEGL through 0↗2022-05-14

▶

OSV

CVE-2018-10111: An issue was discovered in GEGL through 0↗2018-04-16

▶

📋Vendor Advisories

Red Hat

gegl: unbounded memory allocation in render_rectangle function in process/gegl-processor.c↗2018-04-14

▶

Debian

CVE-2018-10111: gegl - An issue was discovered in GEGL through 0.3.32. The render_rectangle function in...↗2018

▶

💬Community

Bugzilla

CVE-2018-10111 gegl03: gegl: unbounded memory allocation in render_rectangle function in process/gegl-processor.c [fedora-all]↗2018-07-27

▶

Bugzilla

CVE-2018-10111 CVE-2018-10112 CVE-2018-10113 CVE-2018-10114 gegl: various flaws [fedora-all]↗2018-04-20

▶

Bugzilla

CVE-2018-10111 gegl: unbounded memory allocation in render_rectangle function in process/gegl-processor.c↗2018-04-20

▶