MGASA-2019-0003
- Source
- https://advisories.mageia.org/MGASA-2019-0003.html
- Import Source
- https://advisories.mageia.org/MGASA-2019-0003.json
- JSON Data
- https://api.osv.dev/v1/vulns/MGASA-2019-0003
- Related
- Published
- 2019-01-05T18:30:16Z
- Modified
- 2019-01-05T18:02:12Z
- Summary
- Updated libgxps packages fix security vulnerabilities
- Details
-
A flaw was found in libgxps through 0.3.0. There is a heap-based buffer over-read in the function ftfontface_hash of gxps-fonts.c. A crafted input will lead to a remote denial of service attack (CVE-2018-10733).
An integer overflow flaw exists within the "gxpsimagescreatefrompng()" function in libgxps/gxps-images.c. An attacker can exploit this flaw to cause a heap-based buffer overflow by tricking a user into opening a specially crafted XPS document in an application using libgxps (rhbz#1524378).
- References
-
- https://advisories.mageia.org/MGASA-2019-0003.html
- https://bugs.mageia.org/show_bug.cgi?id=23128
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/YMI6TEEICL3TNCY4C2VVCZGZEAERZFDZ/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/UY53OSYKXQJ4PBBGTBJFU7FLVWGGFV4J/
- Credits
-
-
- Mageia - COORDINATOR
-
Affected packages
Mageia:6 / libgxps
Package
- Name
- libgxps
- Purl
- pkg:rpm/mageia/libgxps?distro=mageia-6