Fluid Attacks Database

Description

There is a stack-based buffer over-read in calling GLib in the function gxps_images_guess_content_type of gxps-images.c in libgxps through 0.3.0 because it does not reject negative return values from a g_input_stream_read call. A crafted input will lead to a remote denial of service attack.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 14	libgxps	>=0 <0.3.0-3	0.3.0-3
debian 11	libgxps	>=0 <0.3.0-3	0.3.0-3
debian 13	libgxps	>=0 <0.3.0-3	0.3.0-3
debian 12	libgxps	>=0 <0.3.0-3	0.3.0-3
rpm rhel7	libgweather	<0:3.28.2-2.el7	0:3.28.2-2.el7
rpm rhel7	adwaita-icon-theme	<0:3.28.0-1.el7	0:3.28.0-1.el7
rpm rhel7	clutter-gst3	<0:3.0.26-1.el7	0:3.0.26-1.el7
rpm rhel7	empathy	<0:3.12.13-1.el7	0:3.12.13-1.el7
rpm rhel7	folks	<1:0.11.4-1.el7	1:0.11.4-1.el7
rpm rhel7	freetype	<0:2.8-12.el7	0:2.8-12.el7

1-10 of 150

Aliases

1. CVE-2018-107672. NVD-2018-107673. OSV-DEBIAN-2018-107674. OSV-2018-107675. SECURITY-TRACKER-CVE-2018-10767

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.