Mageia 6 MGASA-2019-0003 Critical: Libgxps Buffer Overflow Exploit
mageia
January 5, 2019
A flaw was found in libgxps through 0.3.0
Summary
A flaw was found in libgxps through 0.3.0. There is a heap-based buffer
over-read in the function ft_font_face_hash of gxps-fonts.c. A crafted
input will lead to a remote denial of service attack (CVE-2018-10733).
An integer overflow flaw exists within the
"gxps_images_create_from_png()" function in libgxps/gxps-images.c. An
attacker can exploit this flaw to cause a heap-based buffer overflow by
tricking a user into opening a specially crafted XPS document in an
application using libgxps (rhbz#1524378).
References
- https://bugs.mageia.org/show_bug.cgi?id=23128
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/YMI6TEEICL3TNCY4C2VVCZGZEAERZFDZ/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/UY53OSYKXQJ4PBBGTBJFU7FLVWGGFV4J/
- https://www.cve.org/CVERecord?id=CVE-2018-10733
Resolution
SRPMS
- 6/core/libgxps-0.2.5-1.2.mga6
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Publication date: 05 Jan 2019
URL: https://advisories.mageia.org/MGASA-2019-0003.html
Type: security
CVE: CVE-2018-10733
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!