Fluid Attacks Database

Description

An issue was discovered in GEGL through 0.3.32. The gegl_buffer_iterate_read_simple function in buffer/gegl-buffer-access.c allows remote attackers to cause a denial of service (write access violation) or possibly have unspecified other impact via a malformed PPM file, related to improper restrictions on memory allocation in the ppm_load_read_header function in operations/external/ppm-load.c.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 11	gegl	>=0 <0.3.34-1	0.3.34-1
debian 12	gegl	>=0 <0.3.34-1	0.3.34-1
debian 14	gegl	>=0 <0.3.34-1	0.3.34-1
debian 13	gegl	>=0 <0.3.34-1	0.3.34-1
rpm rhel8	gegl	-	-

Aliases

1. CVE-2018-101142. NVD-2018-101143. OSV-DEBIAN-2018-101144. OSV-2018-101145. SECURITY-TRACKER-CVE-2018-10114

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.