Vulnerability Name: CVE-2018-10114 (CCN-141644)

Assigned: 2018-04-14
Published: 2018-04-14
Updated: 2018-05-17
Summary: An issue was discovered in GEGL through 0.3.32. The gegl_buffer_iterate_read_simple function in buffer/gegl-buffer-access.c allows remote attackers to cause a denial of service (write access violation) or possibly have unspecified other impact via a malformed PPM file, related to improper restrictions on memory allocation in the ppm_load_read_header function in operations/external/ppm-load.c.
CVSS v3 Severity: 8.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
7.7 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:U/RC:R)
Exploitability Metrics:
Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): Required
Scope:
Scope (S): Unchanged
Impact Metrics:
Confidentiality (C): High
Integrity (I): High
Availability (A): High
3.3 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)
2.9 Low (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:U/RC:R)
Exploitability Metrics:
Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): Required
Scope:
Scope (S): Unchanged
Impact Metrics:
Confidentiality (C): None
Integrity (I): None
Availability (A): Low
CVSS v2 Severity: 6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
Exploitability Metrics:
Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:
Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
1.7 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:N/I:N/A:P)
Exploitability Metrics:
Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): Single_Instance
Impact Metrics:
Confidentiality (C): None
Integrity (I): None
Availability (A): Partial
Vulnerability Type: CWE-119
Vulnerability Consequences: Denial of Service
References:
Source: MITRE
Type: CNA
CVE-2018-10114

Source: CCN
Type: GNOME Bugzilla – Bug 795248
(CVE-2018-10114) crash on reading malformed ppm files

Source: MISC
Type: Exploit, Issue Tracking
https://bugzilla.gnome.org/show_bug.cgi?id=795248

Source: XF
Type: UNKNOWN
gegl-cve201810114-dos(141644)

Source: MISC
Type: Exploit, Vendor Advisory
https://github.com/xiaoqx/pocs/tree/master/gegl

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:gegl:gegl:*:*:*:*:*:*:*:* (Version <= 0.3.32)

Configuration CCN 1:
  • cpe:/a:gegl:gegl:0.3.32:*:*:*:*:*:*:*

* Denotes that component is vulnerable

Oval Definitions
Definition ID | Class | Title | Last Modified
oval:org.opensuse.security:def:201810114 | V | CVE-2018-10114 | 2022-09-02
oval:org.opensuse.security:def:658 | P | Security update for mokutil (Moderate) | 2022-08-03
oval:org.opensuse.security:def:3558 | P | libXfont1-1.5.1-11.3.12 on GA media (Moderate) | 2022-06-28
oval:org.opensuse.security:def:3557 | P | libXfixes3-32bit-5.0.1-7.1 on GA media (Moderate) | 2022-06-28
oval:org.opensuse.security:def:95187 | P | gegl-0_3-0.3.34-3.3.1 on GA media (Moderate) | 2022-06-22
oval:org.opensuse.security:def:95188 | P | gegl-0_4-0.4.34-150400.1.7 on GA media (Moderate) | 2022-06-22
oval:org.opensuse.security:def:112284 | P | gegl-0.4.30-2.8 on GA media (Moderate) | 2022-01-17
oval:org.opensuse.security:def:1148 | P | Security update for go1.16 (Moderate) | 2021-12-23
oval:org.opensuse.security:def:1743 | P | Security update for drbd-utils (Low) | 2021-11-16
oval:org.opensuse.security:def:1785 | P | Security update for ffmpeg (Moderate) | 2021-10-26
oval:org.opensuse.security:def:64776 | P | Security update for webkit2gtk3 (Important) | 2021-10-12
oval:org.opensuse.security:def:66945 | P | Security update for webkit2gtk3 (Important) | 2021-10-12
oval:org.opensuse.security:def:70301 | P | Security update for apache2 (Important) | 2021-10-12
oval:org.opensuse.security:def:105809 | P | gegl-0.4.30-2.8 on GA media (Moderate) | 2021-10-01
oval:org.opensuse.security:def:71363 | P | perl-DBD-mysql-4.046-1.13 on GA media (Moderate) | 2021-09-21
oval:org.opensuse.security:def:47998 | P | e2fsprogs-1.43.8-3.8.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47631 | P | grub2-2.02-11.8 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:48222 | P | libwavpack1-4.60.99-5.3.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47766 | P | libpng16-16-1.6.8-14.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:48091 | P | libXxf86vm1-1.1.3-3.53 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47670 | P | libX11-6-1.6.2-12.5.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:48331 | P | unrar-5.0.14-3.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47805 | P | libvmtools0-10.3.0-2.6 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47630 | P | groff-1.22.2-5.287 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:48130 | P | libjasper1-1.900.14-195.15.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47645 | P | ibus-chewing-1.4.14-4.11 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47959 | P | automake-1.13.4-6.2 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47669 | P | libSoundTouch0-1.7.1-5.3.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:48183 | P | libqpdf18-7.1.1-3.3.4 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47684 | P | libXt6-1.1.4-3.57 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:2383 | P | gegl-0.4.16-1.99 on GA media (Moderate) | 2021-08-10
oval:org.opensuse.security:def:63472 | P | gegl-0.4.16-1.99 on GA media (Moderate) | 2021-08-10
oval:org.opensuse.security:def:101032 | P | pam_krb5-2.4.13-1.36 on GA media (Moderate) | 2021-08-09
oval:org.opensuse.security:def:1109 | P | libpng12-0-1.2.57-2.18 on GA media (Moderate) | 2021-08-09
oval:org.opensuse.security:def:1704 | P | libjpeg8-32bit-8.1.2-5.15.7 on GA media (Moderate) | 2021-08-09
oval:org.opensuse.security:def:68023 | P | Security update for the Linux Kernel (Live Patch 24 for SLE 15 SP1) (Important) | 2021-07-27
oval:org.opensuse.security:def:48897 | P | cyrus-sasl-digestmd5-32bit-2.1.26-8.7.1 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:48691 | P | libqt4-sql-mysql-32bit-4.8.6-2.6 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:48787 | P | libfbembed2_5-2.5.2.26539-13.42 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:48584 | P | openvpn-2.3.8-16.6.4 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:48730 | P | libIlmImf-Imf_2_1-21-32bit-2.1.0-4.5 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:48826 | P | colord-1.3.3-12.13 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:48629 | P | supportutils-3.0-85.1 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:48756 | P | raptor-2.0.10-3.67 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:2446 | P | gegl-0_3-0.3.34-1.30 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:48370 | P | apache2-mod_nss-1.0.14-18.3 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:48858 | P | libmikmod3-3.2.0-4.59 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:63535 | P | gegl-0_3-0.3.34-1.30 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:48668 | P | empathy-3.10.3-1.131 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:48795 | P | libnewt0_52-0.52.16-1.83 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:48545 | P | libraptor2-0-2.0.10-3.63 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:73636 | P | Security update for ceph (Important) | 2021-06-02
oval:org.opensuse.security:def:64689 | P | Security update for graphviz (Critical) | 2021-05-19
oval:org.opensuse.security:def:70196 | P | Security update for zstd (Moderate) | 2021-04-08
oval:org.opensuse.security:def:66853 | P | Security update for sudo (Important) | 2021-01-26
oval:org.opensuse.security:def:63574 | P | gegl-0_3-0.3.34-1.30 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:107698 | P | gegl-0_3-0.3.34-1.30 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:2527 | P | gegl-0_3-0.3.34-1.30 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:63616 | P | gegl-0_3-0.3.34-1.30 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:90103 | P | gegl-0_3-0.3.34-1.30 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:71476 | P | emacs-25.3-3.3.18 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:103758 | P | gegl-0_3-0.3.34-1.30 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:117213 | P | gegl-0_3-0.3.34-1.30 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:94319 | P | gegl-0_3-0.3.34-1.30 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:2485 | P | gegl-0_3-0.3.34-1.30 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:50130 | P | nodejs10 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:50145 | P | gegl-0_3 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:50172 | P | xorg-x11-server-wayland on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:50184 | P | gegl-0_3 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:73518 | P | openldap2-devel-32bit on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:68123 | P | gegl-0_3 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:50091 | P | python3-pywbem on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:50226 | P | gegl-0_3 on GA media (Moderate) | 2020-12-01
oval:com.ubuntu.bionic:def:2018101140000000 | V | CVE-2018-10114 on Ubuntu 18.04 LTS (bionic) - low. | 2018-04-16
oval:com.ubuntu.artful:def:201810114000 | V | CVE-2018-10114 on Ubuntu 17.10 (artful) - low. | 2018-04-16
oval:com.ubuntu.xenial:def:201810114000 | V | CVE-2018-10114 on Ubuntu 16.04 LTS (xenial) - low. | 2018-04-16
oval:com.ubuntu.xenial:def:2018101140000000 | V | CVE-2018-10114 on Ubuntu 16.04 LTS (xenial) - low. | 2018-04-16
oval:com.ubuntu.bionic:def:201810114000 | V | CVE-2018-10114 on Ubuntu 18.04 LTS (bionic) - low. | 2018-04-16
oval:com.ubuntu.disco:def:2018101140000000 | V | CVE-2018-10114 on Ubuntu 19.04 (disco) - low. | 2018-04-16
oval:com.ubuntu.cosmic:def:201810114000 | V | CVE-2018-10114 on Ubuntu 18.10 (cosmic) - low. | 2018-04-16
oval:com.ubuntu.cosmic:def:2018101140000000 | V | CVE-2018-10114 on Ubuntu 18.10 (cosmic) - low. | 2018-04-16
oval:com.ubuntu.trusty:def:201810114000 | V | CVE-2018-10114 on Ubuntu 14.04 LTS (trusty) - low. | 2018-04-16
    gegl gegl *
    gegl gegl 0.3.32