#VU14608 Out-of-bounds read in Gnome GLib


Published: 2018-09-04 | Updated: 2018-12-10

Vulnerability identifier: #VU14608

Vulnerability risk: Low

CVSSv3.1:

CVE-ID: CVE-2018-16429

CWE-ID: CWE-125

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Gnome GLib
Universal components / Libraries / Libraries used by multiple products

Vendor: Gnome Development Team

Description

The vulnerability allows a local attacker to cause a denial-of-service (DoS) condition on the target system.

The vulnerability exists due to an out-of-bounds read in g_markup_parse_context_parse() in gmarkup.c, related to utf8_str(). A local attacker can execute a specially crafted application or file that submits malicious input and cause the service to crash.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Gnome GLib: 2.56.1


CPE

External links
http://gitlab.gnome.org/GNOME/glib/issues/1361

