Main Vulnerability Database SB2018041807

SB2018041807 - Denial of service in GEGL

Published: April 18, 2018

Security Bulletin ID SB2018041807

Severity

Low

Patch available

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Uncontrolled memory allocation (CVE-ID: CVE-2018-10113)

The vulnerability allows a local attacker to cause DoS condition on the target system.

The weakness exists in the process function, as defined in the operations/external/ppm-load.c code file due to unbounded memory allocation. A local attacker can submit specially crafted input, trigger memory corruption and cause the service to crash.

Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References

https://github.com/xiaoqx/pocs/tree/master/gegl