Bugzilla – Bug 1089730
VUL-1: CVE-2018-10111: gegl: The render_rectangle function inprocess/gegl-processor.c has unbounded memory allocation, leading to a denial of service
Last modified: 2019-07-03 10:36:49 UTC
Created attachment 767310 [details]
An issue was discovered in GEGL through 0.3.32. The render_rectangle function in
process/gegl-processor.c has unbounded memory allocation, leading to a denial of
service (application crash) upon allocation failure.
Reproducer: gegl gegl-dos-2
Upstream issue: https://gitlab.gnome.org/GNOME/gegl/issues/65
This bug isn't fixed yet and due to its low priority we can wait for the upstream to fix it.