Advisories » MGASA-2019-0003

Updated libgxps packages fix security vulnerabilities

Publication date: 05 Jan 2019
Modification date: 05 Jan 2019
Type: security
Affected Mageia releases: 6
CVE: CVE-2018-10733

Description

A flaw was found in libgxps through 0.3.0. There is a heap-based buffer
over-read in the function ft_font_face_hash of gxps-fonts.c. A crafted
input will lead to a remote denial of service attack (CVE-2018-10733).

An integer overflow flaw exists within the
"gxps_images_create_from_png()" function in libgxps/gxps-images.c. An
attacker can exploit this flaw to cause a heap-based buffer overflow by
tricking a user into opening a specially crafted XPS document in an
application using libgxps (rhbz#1524378).
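The bug class described in the second paragraph, as an added illustration: a pixel-buffer size derived from image dimensions read out of an untrusted file. This is not libgxps code and not the upstream patch; the function names and the MAX_IMAGE_BYTES cap are assumptions made for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumed policy cap for a decoded image (not a libgxps constant). */
#define MAX_IMAGE_BYTES ((uint64_t)INT32_MAX)

/* Unchecked pattern: the product is computed in 32 bits and silently
 * wraps, so the allocation can be far smaller than the pixel data
 * the decoder later writes into it. */
static uint32_t unchecked_size(uint32_t width, uint32_t height, uint32_t bpp)
{
    return width * height * bpp;
}

/* Checked pattern: widen before multiplying and test each step against
 * the cap. Returns 1 and stores the size on success, 0 on rejection. */
static int checked_size(uint32_t width, uint32_t height, uint32_t bpp,
                        size_t *out)
{
    uint64_t stride;

    if (width == 0 || height == 0 || bpp == 0)
        return 0;
    stride = (uint64_t)width * bpp;       /* cannot overflow 64 bits */
    if (stride > MAX_IMAGE_BYTES)
        return 0;
    if (height > MAX_IMAGE_BYTES / stride) /* stride * height too large */
        return 0;
    *out = (size_t)(stride * height);
    return 1;
}

int main(void)
{
    /* Constructed dimensions: true size is 4295098368 bytes. */
    uint32_t w = 0x8001, h = 0x8000, bpp = 4;
    size_t n = 0;

    printf("unchecked: %u bytes\n", (unsigned)unchecked_size(w, h, bpp));
    printf("checked:   %s\n",
           checked_size(w, h, bpp, &n) ? "accepted" : "rejected");
    return 0;
}
```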
                

References

SRPMS

6/core