heap buffer overflow in ft_font_face_hash of gxps-fonts.c CVE-2018-10733

Bug #1797785 reported by Jeremy Bícha
This bug affects 1 person
Affects: libgxps (Ubuntu)
Status: Confirmed
Importance: Undecided
Assigned to: Unassigned
Milestone: (none listed)

Bug Description

https://security-tracker.debian.org/tracker/CVE-2018-10733

This issue is fixed in Ubuntu 18.10 and needs to be fixed in at least Ubuntu 18.04 LTS.

https://launchpad.net/ubuntu/+source/libgxps/0.3.0-3

https://salsa.debian.org/gnome-team/libgxps/commits/debian/master

I believe you'll want these commits:

  * Cherry-pick gxps-archive-Ensure-gxps_archive_read_entry-fills-the-GEr.patch
    & gxps-archive-Handle-errors-returned-by-archive_read_data.patch:
    - Fix heap buffer overflow in ft_font_face_hash of gxps-fonts.c
      CVE-2018-10733 (Closes: #897954)
  * Cherry-pick gxps-images-fix-integer-overflow-in-png-decoder.patch:
    - Fix an integer overflow

This is a bug fix that might not be needed for the security update.
  * Cherry-pick gxps-images-clear-the-error-before-trying-to-load-an-imag.patch:
    - clear an error so that fallback image loading works

Note that there is another reported security issue that appears unfixed:
https://security-tracker.debian.org/tracker/CVE-2018-10767

It looks like the Debian and Ubuntu security teams have determined that these 2 CVEs are low priority.

Changed in libgxps (Ubuntu):
status: New → Confirmed
This report contains Public Security information  
Everyone can see this security related information.
