CVE-2018-10114
published 2018-04-16CVE-2018-10114: An issue was discovered in GEGL through 0.3.32. The gegl_buffer_iterate_read_simple function in buffer/gegl-buffer-access.c allows remote attackers to cause a…
PriorityP337high8.8CVSS 3.0
AVNACLPRNUIRSUCHIHAH
EPSS
1.93%
77.4th percentile
An issue was discovered in GEGL through 0.3.32. The gegl_buffer_iterate_read_simple function in buffer/gegl-buffer-access.c allows remote attackers to cause a denial of service (write access violation) or possibly have unspecified other impact via a malformed PPM file, related to improper restrictions on memory allocation in the ppm_load_read_header function in operations/external/ppm-load.c.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | gegl | < gegl 0.3.34-1 (bookworm) | gegl 0.3.34-1 (bookworm) |
| gegl | gegl | <= 0.3.32 | — |
| gegl | gegl | >= 0 < 0.3.34-1 | 0.3.34-1 |
| gegl | gegl | >= 0 < 0.3.34-1 | 0.3.34-1 |
| gegl | gegl | >= 0 < 0.3.34-1 | 0.3.34-1 |
| gegl | gegl | >= 0 < 0.3.34-1 | 0.3.34-1 |
CVSS provenance
nvdv3.08.8HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.06.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:P
osv8.8HIGH
vendor_debian8.8LOW
vendor_redhat8.8HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Red Hat
gegl: write access violation gegl_buffer_iterate_read_simple function in buffer/gegl-buffer-access.c
vendor_redhat·2018-04-14·CVSS 8.8
CVE-2018-10114 [HIGH] CWE-787 gegl: write access violation gegl_buffer_iterate_read_simple function in buffer/gegl-buffer-access.c
gegl: write access violation gegl_buffer_iterate_read_simple function in buffer/gegl-buffer-access.c
An issue was discovered in GEGL through 0.3.32. The gegl_buffer_iterate_read_simple function in buffer/gegl-buffer-access.c allows remote attackers to cause a denial of service (write access violation) or possibly have unspecified other impact via a malformed PPM file, related to improper restrictions on memory allocation in the ppm_load_read_header function in operations/external/ppm-load.c.
Package: gegl (Red Hat Enterprise Linux 6) - Not affected
Package: gegl (Red Hat Enterprise Linux 7) - Not affected
Package: gegl (Red Hat Enterprise Linux 8) - Will not fix
Package: gegl04 (Red Hat Enterprise Linux 8) - Not affected
Debian
CVE-2018-10114: gegl - An issue was discovered in GEGL through 0.3.32. The gegl_buffer_iterate_read_sim...
vendor_debian·2018·CVSS 8.8
CVE-2018-10114 [HIGH] CVE-2018-10114: gegl - An issue was discovered in GEGL through 0.3.32. The gegl_buffer_iterate_read_sim...
An issue was discovered in GEGL through 0.3.32. The gegl_buffer_iterate_read_simple function in buffer/gegl-buffer-access.c allows remote attackers to cause a denial of service (write access violation) or possibly have unspecified other impact via a malformed PPM file, related to improper restrictions on memory allocation in the ppm_load_read_header function in operations/external/ppm-load.c.
Scope: local
bookworm: resolved (fixed in 0.3.34-1)
bullseye: resolved (fixed in 0.3.34-1)
forky: resolved (fixed in 0.3.34-1)
sid: resolved (fixed in 0.3.34-1)
trixie: resolved (fixed in 0.3.34-1)
GHSA
GHSA-w9gq-wjp3-cvf5: An issue was discovered in GEGL through 0
ghsa_unreviewed·2022-05-14
CVE-2018-10114 [HIGH] CWE-119 GHSA-w9gq-wjp3-cvf5: An issue was discovered in GEGL through 0
An issue was discovered in GEGL through 0.3.32. The gegl_buffer_iterate_read_simple function in buffer/gegl-buffer-access.c allows remote attackers to cause a denial of service (write access violation) or possibly have unspecified other impact via a malformed PPM file, related to improper restrictions on memory allocation in the ppm_load_read_header function in operations/external/ppm-load.c.
OSV
CVE-2018-10114: An issue was discovered in GEGL through 0
osv·2018-04-16·CVSS 8.8
CVE-2018-10114 [HIGH] CVE-2018-10114: An issue was discovered in GEGL through 0
An issue was discovered in GEGL through 0.3.32. The gegl_buffer_iterate_read_simple function in buffer/gegl-buffer-access.c allows remote attackers to cause a denial of service (write access violation) or possibly have unspecified other impact via a malformed PPM file, related to improper restrictions on memory allocation in the ppm_load_read_header function in operations/external/ppm-load.c.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2018-10114 gegl03: gegl: write access violation gegl_buffer_iterate_read_simple function in buffer/gegl-buffer-access.c [fedora-all]
bugzilla·2018-07-27·CVSS 8.8
CVE-2018-10114 [HIGH] CVE-2018-10114 gegl03: gegl: write access violation gegl_buffer_iterate_read_simple function in buffer/gegl-buffer-access.c [fedora-all]
CVE-2018-10114 gegl03: gegl: write access violation gegl_buffer_iterate_read_simple function in buffer/gegl-buffer-access.c [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit mes
Bugzilla
CVE-2018-10111 CVE-2018-10112 CVE-2018-10113 CVE-2018-10114 gegl: various flaws [fedora-all]
bugzilla·2018-04-20·CVSS 7.5
CVE-2018-10111 [HIGH] CVE-2018-10111 CVE-2018-10112 CVE-2018-10113 CVE-2018-10114 gegl: various flaws [fedora-all]
CVE-2018-10111 CVE-2018-10112 CVE-2018-10113 CVE-2018-10114 gegl: various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple sup
Bugzilla
CVE-2018-10114 gegl: write access violation gegl_buffer_iterate_read_simple function in buffer/gegl-buffer-access.c
bugzilla·2018-04-20·CVSS 8.8
CVE-2018-10114 [HIGH] CVE-2018-10114 gegl: write access violation gegl_buffer_iterate_read_simple function in buffer/gegl-buffer-access.c
CVE-2018-10114 gegl: write access violation gegl_buffer_iterate_read_simple function in buffer/gegl-buffer-access.c
A flaw was discovered in GEGL through 0.3.32. The gegl_buffer_iterate_read_simple function in buffer/gegl-buffer-access.c allows remote attackers to cause a denial of service (write access violation) or possibly have unspecified other impact via a malformed PPM file, related to improper restrictions on memory allocation in the ppm_load_read_header function in operations/external/ppm-load.c.
References:
https://bugzilla.gnome.org/show_bug.cgi?id=795248
https://github.com/xiaoqx/pocs/tree/master/gegl
Patch:
https://git.gnome.org/browse/gegl/commit/?id=c83b05d565a1e3392c9606a4ecaa560eb9a4ee29
Discussion:
Created gegl tracking bugs for this issue:
Affects: fedora-all [bug
2018-04-16
Published