http://bugzilla.opensuse.org/show_bug.cgi?id=1089730 Bug ID: 1089730 Summary: VUL-1: CVE-2018-10111: gegl: The render_rectangle function inprocess/gegl-processor.c has unbounded memory allocation, leading to a denial of service Classification: openSUSE Product: openSUSE Distribution Version: Leap 42.3 Hardware: Other URL: https://smash.suse.de/issue/204017/ OS: openSUSE Factory Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: sbrabec@suse.com Reporter: jsegitz@suse.com QA Contact: security-team@suse.de Found By: Security Response Team Blocker: --- Created attachment 767310 --> http://bugzilla.opensuse.org/attachment.cgi?id=767310&action=edit Reproducer CVE-2018-10111 An issue was discovered in GEGL through 0.3.32. The render_rectangle function in process/gegl-processor.c has unbounded memory allocation, leading to a denial of service (application crash) upon allocation failure. Reproducer: gegl gegl-dos-2 References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10111 https://github.com/xiaoqx/pocs/tree/master/gegl -- You are receiving this mail because: You are on the CC list for the bug.