Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2018-10767

Опубликовано: 05 мая 2018
Источник: redhat
CVSS3: 3.3
EPSS Низкий

Описание

There is a stack-based buffer over-read in calling GLib in the function gxps_images_guess_content_type of gxps-images.c in libgxps through 0.3.0 because it does not reject negative return values from a g_input_stream_read call. A crafted input will lead to a remote denial of service attack.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 8libgxpsNot affected
Red Hat Enterprise Linux 7accountsserviceFixedRHSA-2018:314030.10.2018
Red Hat Enterprise Linux 7adwaita-icon-themeFixedRHSA-2018:314030.10.2018
Red Hat Enterprise Linux 7appstream-dataFixedRHSA-2018:314030.10.2018
Red Hat Enterprise Linux 7atkFixedRHSA-2018:314030.10.2018
Red Hat Enterprise Linux 7at-spi2-atkFixedRHSA-2018:314030.10.2018
Red Hat Enterprise Linux 7at-spi2-coreFixedRHSA-2018:314030.10.2018
Red Hat Enterprise Linux 7baobabFixedRHSA-2018:314030.10.2018
Red Hat Enterprise Linux 7boltFixedRHSA-2018:314030.10.2018
Red Hat Enterprise Linux 7braseroFixedRHSA-2018:314030.10.2018

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-121
https://bugzilla.redhat.com/show_bug.cgi?id=1576175libgxps: Stack-based buffer overflow in calling glib in gxps_images_guess_content_type of gcontenttype.c

EPSS

Процентиль: 74%
0.00854
Низкий

3.3 Low

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2018-10767

CVSS3: 6.5
ubuntu
больше 7 лет назад

There is a stack-based buffer over-read in calling GLib in the function gxps_images_guess_content_type of gxps-images.c in libgxps through 0.3.0 because it does not reject negative return values from a g_input_stream_read call. A crafted input will lead to a remote denial of service attack.

nvd логотип

CVE-2018-10767

CVSS3: 6.5
nvd
больше 7 лет назад

There is a stack-based buffer over-read in calling GLib in the function gxps_images_guess_content_type of gxps-images.c in libgxps through 0.3.0 because it does not reject negative return values from a g_input_stream_read call. A crafted input will lead to a remote denial of service attack.

debian логотип

CVE-2018-10767

CVSS3: 6.5
debian
больше 7 лет назад

There is a stack-based buffer over-read in calling GLib in the functio ...

github логотип

GHSA-fg6g-g2cv-hgpf

CVSS3: 6.5
github
больше 3 лет назад

There is a stack-based buffer over-read in calling GLib in the function gxps_images_guess_content_type of gxps-images.c in libgxps through 0.3.0 because it does not reject negative return values from a g_input_stream_read call. A crafted input will lead to a remote denial of service attack.

oracle-oval логотип

ELSA-2018-3140

oracle-oval
около 7 лет назад

ELSA-2018-3140: GNOME security, bug fix, and enhancement update (MODERATE)

EPSS

Процентиль: 74%
0.00854
Низкий

3.3 Low

CVSS3