NULL Pointer Dereference in GLib Affects GNOME Products
CVE-2018-16428

9.8CRITICAL

Key Information:

Vendor

Gnome
Status
Glib
Vendor
CVE Published:
4 September 2018

What is CVE-2018-16428?

A vulnerability in GNOME's GLib version 2.56.1 has been identified where the function g_markup_parse_context_end_parse() in gmarkup.c can result in a NULL pointer dereference. This flaw may lead to application crashes or unexpected behaviors when parsing markup, posing a potential risk to software stability. Users of the affected GLib version are advised to review the available patches and protect their systems accordingly.

References

https://gitlab.gnome.org/GNOME/glib/commit/fccef3cc822af7...
x_refsource_MISC
https://usn.ubuntu.com/3767-1/
vendor-advisoryx_refsource_UBUNTU
http://www.securityfocus.com/bid/105210
vdb-entryx_refsource_BID

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.