Gnome Libgxps vulnerabilities

CVE-2018-10767 [MEDIUM] CWE-125 CVE-2018-10767: There is a stack-based buffer over-read in calling GLib in the function gxps_images_guess_content_ty There is a stack-based buffer over-read in calling GLib in the function gxps_images_guess_content_type of gxps-images.c in libgxps through 0.3.0 because it does not reject negative return values from a g_input_stream_read call. A crafted input will lead to a remote denial of service attack.

CVE-2018-10733 [MEDIUM] CWE-125 CVE-2018-10733: There is a heap-based buffer over-read in the function ft_font_face_hash of gxps-fonts.c in libgxps There is a heap-based buffer over-read in the function ft_font_face_hash of gxps-fonts.c in libgxps through 0.3.0. A crafted input will lead to a remote denial of service attack.

CVE-2017-11590 [HIGH] CWE-476 CVE-2017-11590: There is a NULL pointer dereference in the caseless_hash function in gxps-archive.c in libgxps 0.2.5 There is a NULL pointer dereference in the caseless_hash function in gxps-archive.c in libgxps 0.2.5. A crafted input will lead to a remote denial of service attack.