Mailinglist Archive: opensuse-bugs (6095 mails)

< Previous Next >
[Bug 1089730] New: VUL-1: CVE-2018-10111: gegl: The render_rectangle function inprocess/gegl-processor.c has unbounded memory allocation, leading to a denial of service
  • From: bugzilla_noreply@xxxxxxxxxx
  • Date: Mon, 16 Apr 2018 15:28:26 +0000
  • Message-id: <bug-1089730-21960@http.bugzilla.opensuse.org/>
http://bugzilla.opensuse.org/show_bug.cgi?id=1089730


Bug ID: 1089730
Summary: VUL-1: CVE-2018-10111: gegl: The render_rectangle
function inprocess/gegl-processor.c has unbounded
memory allocation, leading to a denial of service
Classification: openSUSE
Product: openSUSE Distribution
Version: Leap 42.3
Hardware: Other
URL: https://smash.suse.de/issue/204017/
OS: openSUSE Factory
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Security
Assignee: sbrabec@xxxxxxxx
Reporter: jsegitz@xxxxxxxx
QA Contact: security-team@xxxxxxx
Found By: Security Response Team
Blocker: ---

Created attachment 767310
--> http://bugzilla.opensuse.org/attachment.cgi?id=767310&action=edit
Reproducer

CVE-2018-10111

An issue was discovered in GEGL through 0.3.32. The render_rectangle function
in
process/gegl-processor.c has unbounded memory allocation, leading to a denial
of
service (application crash) upon allocation failure.

Reproducer: gegl gegl-dos-2

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10111
https://github.com/xiaoqx/pocs/tree/master/gegl

--
You are receiving this mail because:
You are on the CC list for the bug.
< Previous Next >