Candidate: CVE-2018-10733
PublicDate: 2018-05-04 17:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10733
Description:
 There is a heap-based buffer over-read in the function ft_font_face_hash
 of gxps-fonts.c in libgxps through 0.3.0. A crafted input will lead to a
 remote denial of service attack.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=897954
 https://bugzilla.redhat.com/show_bug.cgi?id=1574844
 https://bugs.launchpad.net/ubuntu/+source/libgxps/+bug/1797785
Priority: low
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H [6.5 MEDIUM]

Patches_libgxps:
 upstream: https://git.gnome.org/browse/libgxps/commit/?id=b458226e162fe1ffe7acb4230c114a52ada5131b
 upstream: https://git.gnome.org/browse/libgxps/commit/?id=133fe2a96e020d4ca65c6f64fb28a404050ebbfd
upstream_libgxps: needs-triage
precise/esm_libgxps: DNE
trusty_libgxps: ignored (reached end-of-life)
trusty/esm_libgxps: DNE (trusty was needed)
xenial_libgxps: ignored (end of standard support, was needed)
esm-infra/xenial_libgxps: needed
artful_libgxps: ignored (reached end-of-life)
bionic_libgxps: needed
cosmic_libgxps: released (0.3.0-3)
disco_libgxps: released (0.3.0-3)
eoan_libgxps: released (0.3.0-3)
focal_libgxps: released (0.3.0-3)
groovy_libgxps: released (0.3.0-3)
hirsute_libgxps: released (0.3.0-3)
impish_libgxps: released (0.3.0-3)
jammy_libgxps: released (0.3.0-3)
devel_libgxps: released (0.3.0-3)