Multiple vulnerabilities in GEGL
| Risk | High |
| Patch available | NO |
| Number of vulnerabilities | 2 |
| CVE-ID | CVE-2018-10111 CVE-2018-10112 |
| CWE-ID | CWE-789 CWE-787 |
| Exploitation vector | Network |
| Public exploit |
Public exploit code for vulnerability #1 is available. Public exploit code for vulnerability #2 is available. |
| Vulnerable software Subscribe |
GEGL Universal components / Libraries / Libraries used by multiple products |
| Vendor | gegl.org |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
1) Uncontrolled memory allocation
EUVDB-ID: #VU12049
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:U/RC:U]
CVE-ID: CVE-2018-10111
CWE-ID:
CWE-789 - Uncontrolled Memory Allocation
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to cause DoS condition on the target system.
The weakness exists in the render_rectangle function in the process/gegl-processor.csource code file due to unbounded memory allocation. A local attacker can submit specially crafted input, trigger memory corruption and cause the service to crash.
MitigationCybersecurity is currently unaware of any solutions addressing the vulnerability.
Vulnerable software versionsGEGL: 0.3.0 - 0.3.32
External linkshttp://github.com/xiaoqx/pocs/tree/master/gegl
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
2) Out-of-bounds write
EUVDB-ID: #VU12050
Risk: High
CVSSv3.1: 9.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C]
CVE-ID: CVE-2018-10112
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote unauthenticated attacker to cause DoS condition or execute arbitrary code on the target system.
The weakness exists due to improper handling of PNG files during a call to the babl_format_get_bytes_per_pixel function in the babl-format.csource code file. A remote attacker can trick the victim into accessing a specially crafted PNG file, trigger out-of-bounds write in the gegl_tile_backend_swap_constructedfunction in the buffer/gegel-tile-backend-swap.c source code file, and cause the service to crash or execute arbitrary code.
Cybersecurity is currently unaware of any solutions addressing the vulnerability.
Vulnerable software versionsGEGL: 0.3.0 - 0.3.32
External linkshttp://github.com/xiaoqx/pocs/tree/master/gegl
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
