Fluid Attacks Database

Description

There is a heap-based buffer over-read in the function ft_font_face_hash of gxps-fonts.c in libgxps through 0.3.0. A crafted input will lead to a remote denial of service attack.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 12	libgxps	>=0 <0.3.0-3	0.3.0-3
debian 13	libgxps	>=0 <0.3.0-3	0.3.0-3
debian 14	libgxps	>=0 <0.3.0-3	0.3.0-3
rpm rhel7	poppler	<0:0.26.5-20.el7	0:0.26.5-20.el7
debian 11	libgxps	>=0 <0.3.0-3	0.3.0-3
rpm rhel7	gom	<0:0.3.3-1.el7	0:0.3.3-1.el7
rpm rhel7	libgtop2	<0:2.38.0-3.el7	0:2.38.0-3.el7
rpm rhel7	evolution-ews	<0:3.28.5-1.el7	0:3.28.5-1.el7
rpm rhel7	cheese	<2:3.28.0-1.el7	2:3.28.0-1.el7
rpm rhel7	ekiga	<0:4.0.1-8.el7	0:4.0.1-8.el7

1-10 of 150

Aliases

1. CVE-2018-107332. NVD-2018-107333. OSV-DEBIAN-2018-107334. OSV-2018-107335. SECURITY-TRACKER-CVE-2018-10733

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.