CVE-2018-10113 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Gegl

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer8 documents6 sources

Severity

7.5HIGHNVD

EPSS

0.4%

top 40.45%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gegl Debian Gegl Gegl Generic Graphics Library

Timeline

PublishedApr 16

Latest updateMay 14

Description

An issue was discovered in GEGL through 0.3.32. The process function in operations/external/ppm-load.c has unbounded memory allocation, leading to a denial of service (application crash) upon allocation failure.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

▶debiandebian/gegl< gegl 0.3.34-1 (bookworm)

▶Debiangegl/gegl< 0.3.34-1+3

▶NVDgegl/generic_graphics_library0.3.32

🔴Vulnerability Details

GHSA

GHSA-732f-45j6-wqx9: An issue was discovered in GEGL through 0↗2022-05-14

▶

OSV

CVE-2018-10113: An issue was discovered in GEGL through 0↗2018-04-16

▶

📋Vendor Advisories

Red Hat

gegl: unbounded memory allocation in process function in operations/external/ppm-load.c↗2018-04-14

▶

Debian

CVE-2018-10113: gegl - An issue was discovered in GEGL through 0.3.32. The process function in operatio...↗2018

▶

💬Community

Bugzilla

CVE-2018-10113 gegl03: gegl: unbounded memory allocation in process function in operations/external/ppm-load.c [fedora-all]↗2018-07-27

▶

Bugzilla

CVE-2018-10111 CVE-2018-10112 CVE-2018-10113 CVE-2018-10114 gegl: various flaws [fedora-all]↗2018-04-20

▶

Bugzilla

CVE-2018-10113 gegl: unbounded memory allocation in process function in operations/external/ppm-load.c↗2018-04-20

▶