CVE-2018-10114 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Gegl

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787 — Out-of-bounds Write8 documents6 sources

Severity

8.8HIGHNVD

EPSS

0.4%

top 40.56%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gegl Debian Gegl

Timeline

PublishedApr 16

Latest updateMay 14

Description

An issue was discovered in GEGL through 0.3.32. The gegl_buffer_iterate_read_simple function in buffer/gegl-buffer-access.c allows remote attackers to cause a denial of service (write access violation) or possibly have unspecified other impact via a malformed PPM file, related to improper restrictions on memory allocation in the ppm_load_read_header function in operations/external/ppm-load.c.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

▶debiandebian/gegl< gegl 0.3.34-1 (bookworm)

▶Debiangegl/gegl< 0.3.34-1+3

▶NVDgegl/gegl0.3.32

🔴Vulnerability Details

GHSA

GHSA-w9gq-wjp3-cvf5: An issue was discovered in GEGL through 0↗2022-05-14

▶

OSV

CVE-2018-10114: An issue was discovered in GEGL through 0↗2018-04-16

▶

📋Vendor Advisories

Red Hat

gegl: write access violation gegl_buffer_iterate_read_simple function in buffer/gegl-buffer-access.c↗2018-04-14

▶

Debian

CVE-2018-10114: gegl - An issue was discovered in GEGL through 0.3.32. The gegl_buffer_iterate_read_sim...↗2018

▶

💬Community

Bugzilla

CVE-2018-10114 gegl03: gegl: write access violation gegl_buffer_iterate_read_simple function in buffer/gegl-buffer-access.c [fedora-all]↗2018-07-27

▶

Bugzilla

CVE-2018-10111 CVE-2018-10112 CVE-2018-10113 CVE-2018-10114 gegl: various flaws [fedora-all]↗2018-04-20

▶

Bugzilla

CVE-2018-10114 gegl: write access violation gegl_buffer_iterate_read_simple function in buffer/gegl-buffer-access.c↗2018-04-20

▶