Package libgxps updated to version 0.3.1-alt1 for branch sisyphus in task 218990.

Published: 2018-05-04
Modified: 2024-11-21

CVE-2018-10733

There is a heap-based buffer over-read in the function ft_font_face_hash of gxps-fonts.c in libgxps through 0.3.0. A crafted input will lead to a remote denial of service attack.

Severity: MEDIUM (6.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References:

openSUSE-SU-2019:1120
openSUSE-SU-2019:1120
RHBA-2019:0327
RHBA-2019:0327
RHSA-2018:3140
RHSA-2018:3140
RHSA-2018:3505
RHSA-2018:3505
https://bugzilla.redhat.com/show_bug.cgi?id=1574844
https://bugzilla.redhat.com/show_bug.cgi?id=1574844

Published: 2018-05-07
Modified: 2024-11-21

CVE-2018-10767

There is a stack-based buffer over-read in calling GLib in the function gxps_images_guess_content_type of gxps-images.c in libgxps through 0.3.0 because it does not reject negative return values from a g_input_stream_read call. A crafted input will lead to a remote denial of service attack.

Severity: MEDIUM (6.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References:

RHBA-2019:0327
RHBA-2019:0327
RHSA-2018:3140
RHSA-2018:3140
RHSA-2018:3505
RHSA-2018:3505
https://bugzilla.redhat.com/show_bug.cgi?id=1575188
https://bugzilla.redhat.com/show_bug.cgi?id=1575188

Version: 2.1.0

Package libgxps update in sisyphus on 2019-01-05

ALT-PU-2019-1007-1

Closed vulnerabilities

CVE-2018-10733

CVE-2018-10767