Heap-based Buffer Over-read in libgxps Affects Remote Service Functionality
CVE-2018-10733

6.5MEDIUM

Key Information:

Vendor

Gnome
Status
Libgxps
Vendor
CVE Published:
4 May 2018

What is CVE-2018-10733?

The libgxps library, specifically within the function responsible for handling font face hashes in gxps-fonts.c, is susceptible to a heap-based buffer over-read. By providing specially crafted input, an attacker could trigger this vulnerability, potentially leading to a denial of service condition. This issue is present in versions up to 0.3.0 of the library, which could expose systems using it to remote attacks that compromise service availability.

References

https://access.redhat.com/errata/RHSA-2018:3505
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:3140
vendor-advisoryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=1574844
x_refsource_MISC

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.