Stack-based Buffer Over-read in GLib Affecting libgxps by Red Hat
CVE-2018-10767

6.5MEDIUM

Key Information:

Vendor

Gnome
Status
Libgxps
Vendor
CVE Published:
6 May 2018

What is CVE-2018-10767?

A stack-based buffer over-read has been identified in the GLib library within the function gxps_images_guess_content_type located in gxps-images.c of the libgxps package. This issue arises because the implementation fails to handle negative return values from the g_input_stream_read function appropriately. When processing crafted input, this oversight can be exploited to create a remote denial of service, leading to potential disruptions in service for affected systems.

References

https://bugzilla.redhat.com/show_bug.cgi?id=1575188
x_refsource_MISC
https://access.redhat.com/errata/RHSA-2018:3505
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:3140
vendor-advisoryx_refsource_REDHAT

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.