Fluid Attacks Database

Description

An issue was discovered in GEGL through 0.3.32. The gegl_tile_backend_swap_constructed function in buffer/gegl-tile-backend-swap.c allows remote attackers to cause a denial of service (write access violation) or possibly have unspecified other impact via a malformed PNG file that is mishandled during a call to the babl_format_get_bytes_per_pixel function in babl-format.c in babl 0.1.46.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version
debian 14	gegl	=1:0.4.62-2 \|\| =1:0.4.62-2+hurd.1 \|\| =1:0.4.62-3 \|\| =1:0.4.62-3.1 \|\| =1:0.4.64-1 \|\| =1:0.4.64-2 \|\| =1:0.4.66-1 \|\| =1:0.4.66-2 \|\| =1:0.4.66-3 \|\| =1:0.4.68-1 \|\| =1:0.4.70-1
debian 12	gegl	=1:0.4.42-2 \|\| =1:0.4.42-2+deb12u1 \|\| =1:0.4.42-2+deb12u2 \|\| =1:0.4.44-1 \|\| =1:0.4.44-2 \|\| =1:0.4.44-3 \|\| =1:0.4.46-1 \|\| =1:0.4.46-3 \|\| =1:0.4.46-4 \|\| =1:0.4.46-4.1~exp1 \|\| =1:0.4.48-1 \|\| =1:0.4.48-1.1~exp1 \|\| =1:0.4.48-2 \|\| =1:0.4.48-2.1 \|\| =1:0.4.48-2.2 \|\| =1:0.4.48-2.4 \|\| =1:0.4.48-2.5 \|\| =1:0.4.50-1 \|\| =1:0.4.52-1 \|\| =1:0.4.54-1 \|\| =1:0.4.56-1 \|\| =1:0.4.58-1 \|\| =1:0.4.58-2 \|\| =1:0.4.62-1 \|\| =1:0.4.62-2 \|\| =1:0.4.62-2+hurd.1 \|\| =1:0.4.62-3 \|\| =1:0.4.62-3.1 \|\| =1:0.4.64-1 \|\| =1:0.4.64-2 \|\| =1:0.4.66-1 \|\| =1:0.4.66-2 \|\| =1:0.4.66-3 \|\| =1:0.4.68-1 \|\| =1:0.4.70-1
debian 13	gegl	=1:0.4.62-2 \|\| =1:0.4.62-2+deb13u1 \|\| =1:0.4.62-2+deb13u2 \|\| =1:0.4.62-2+hurd.1 \|\| =1:0.4.62-3 \|\| =1:0.4.62-3.1 \|\| =1:0.4.64-1 \|\| =1:0.4.64-2 \|\| =1:0.4.66-1 \|\| =1:0.4.66-2 \|\| =1:0.4.66-3 \|\| =1:0.4.68-1 \|\| =1:0.4.70-1
debian 11	gegl	=1:0.4.26-2 \|\| =1:0.4.26-2+deb11u1 \|\| =1:0.4.26-2+deb11u2 \|\| =1:0.4.28-1 \|\| =1:0.4.28-2 \|\| =1:0.4.28-3 \|\| =1:0.4.30-1 \|\| =1:0.4.32-1 \|\| =1:0.4.32-2 \|\| =1:0.4.34-1 \|\| =1:0.4.36-1 \|\| =1:0.4.36-2 \|\| =1:0.4.36-3 \|\| =1:0.4.36-3.1 \|\| =1:0.4.38-1 \|\| =1:0.4.40-1 \|\| =1:0.4.40-2 \|\| =1:0.4.42-1 \|\| =1:0.4.42-2 \|\| =1:0.4.44-1 \|\| =1:0.4.44-2 \|\| =1:0.4.44-3 \|\| =1:0.4.46-1 \|\| =1:0.4.46-3 \|\| =1:0.4.46-4 \|\| =1:0.4.46-4.1~exp1 \|\| =1:0.4.48-1 \|\| =1:0.4.48-1.1~exp1 \|\| =1:0.4.48-2 \|\| =1:0.4.48-2.1 \|\| =1:0.4.48-2.2 \|\| =1:0.4.48-2.4 \|\| =1:0.4.48-2.5 \|\| =1:0.4.50-1 \|\| =1:0.4.52-1 \|\| =1:0.4.54-1 \|\| =1:0.4.56-1 \|\| =1:0.4.58-1 \|\| =1:0.4.58-2 \|\| =1:0.4.62-1 \|\| =1:0.4.62-2 \|\| =1:0.4.62-2+hurd.1 \|\| =1:0.4.62-3 \|\| =1:0.4.62-3.1 \|\| =1:0.4.64-1 \|\| =1:0.4.64-2 \|\| =1:0.4.66-1 \|\| =1:0.4.66-2 \|\| =1:0.4.66-3 \|\| =1:0.4.68-1 \|\| =1:0.4.70-1
rpm rhel8	gegl	-

Aliases

1. CVE-2018-101122. NVD-2018-101123. OSV-DEBIAN-2018-101124. OSV-2018-101125. SECURITY-TRACKER-CVE-2018-10112

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.