Denial of Service Vulnerability in GEGL by GE
CVE-2018-10112

8.8HIGH

Key Information:

Vendor: Gegl
Status: Gegl
Vendor: CVE Published:; 16 April 2018

What is CVE-2018-10112?

A vulnerability exists in GEGL versions prior to 0.3.32 that allows attackers to exploit a flaw in the gepg_tile_backend_swap_constructed function. This vulnerability can be triggered by a specially crafted PNG file, leading to a denial of service condition due to a write access violation. During processing, the malformed file is mishandled in the babl_format_get_bytes_per_pixel function, potentially causing instability and affecting the overall performance of the application.

References

https://bugzilla.gnome.org/show_bug.cgi?id=795249

x_refsource_MISC

https://github.com/xiaoqx/pocs/tree/master/gegl

x_refsource_MISC

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 16, 2018
Vulnerability Reserved
Apr 14, 2018

CVE-2018-10112 Data

JSON

Gegl

What is CVE-2018-10112?

References

CVSS V3.1

Timeline