heap buffer overflow in ft_font_face_hash of gxps-fonts.c CVE-2018-10733
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
libgxps (Ubuntu) | Confirmed | Undecided | Unassigned | | |
Bug Description
https:/
This issue is fixed in Ubuntu 18.10 and needs to be fixed in at least Ubuntu 18.04 LTS.
https:/
https:/
I believe you'll want these commits:
* Cherry-pick gxps-archive-
& gxps-archive-
- Fix heap buffer overflow in ft_font_face_hash of gxps-fonts.c
CVE-
* Cherry-pick gxps-images-
- Fix an integer overflow
This is a bug fix that might not be needed for the security update.
* Cherry-pick gxps-images-
- clear an error so that fallback image loading works
Note that there is another reported security issue that appears unfixed:
https:/
It looks like the Debian and Ubuntu security teams have determined that these 2 CVEs are low priority.
CVE References
Changed in libgxps (Ubuntu):
status: New → Confirmed