6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
0.004 Low
EPSS
Percentile
71.5%
A flaw was found in libgxps through 0.3.0. There is a heap-based buffer over-read in the function ft_font_face_hash of gxps-fonts.c. A crafted input will lead to a remote denial of service attack (CVE-2018-10733). An integer overflow flaw exists within the “gxps_images_create_from_png()” function in libgxps/gxps-images.c. An attacker can exploit this flaw to cause a heap-based buffer overflow by tricking a user into opening a specially crafted XPS document in an application using libgxps (rhbz#1524378).
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Mageia | 6 | noarch | libgxps | < 0.2.5-1.2 | libgxps-0.2.5-1.2.mga6 |
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
0.004 Low
EPSS
Percentile
71.5%