CVE-2018-10114

{"id": "CVE-2018-10114", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2018-04-16T09:58:10.260", "references": [{"url": "https://bugzilla.gnome.org/show_bug.cgi?id=795248", "tags": ["Exploit", "Issue Tracking"], "source": "cve@mitre.org"}, {"url": "https://github.com/xiaoqx/pocs/tree/master/gegl", "tags": ["Exploit", "Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in GEGL through 0.3.32. The gegl_buffer_iterate_read_simple function in buffer/gegl-buffer-access.c allows remote attackers to cause a denial of service (write access violation) or possibly have unspecified other impact via a malformed PPM file, related to improper restrictions on memory allocation in the ppm_load_read_header function in operations/external/ppm-load.c."}, {"lang": "es", "value": "Se ha descubierto un problema en GEGL hasta su versi\u00f3n 0.3.32. La funci\u00f3n gegl_buffer_iterate_read_simple en buffer/gegl-buffer-access.c permite que atacantes remotos provoquen una denegaci\u00f3n de servicio (violaci\u00f3n de acceso de escritura) o que pueda tener cualquier otro tipo de impacto sin especificar mediante un archivo PPM mal formado. Esto se relaciona con las restricciones incorrectas de asignaci\u00f3n de memoria en la funci\u00f3n bppm_load_read_header en operations/external/ppm-load.c."}], "lastModified": "2018-05-17T14:45:00.557", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:gegl:gegl:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "117DADDC-DC12-428B-AA6E-F22F2413D6A7", "versionEndIncluding": "0.3.32"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}