{"id":"UBUNTU-CVE-2018-10111","details":"An issue was discovered in GEGL through 0.3.32. The render_rectangle function in process/gegl-processor.c has unbounded memory allocation, leading to a denial of service (application crash) upon allocation failure.","modified":"2026-04-27T15:34:02.122367Z","published":"2018-04-16T09:58:00Z","upstream":["CVE-2018-10111"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2018-10111"},{"type":"REPORT","url":"https://github.com/xiaoqx/pocs/tree/master/gegl"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2018-10111"}],"affected":[{"package":{"name":"gegl","ecosystem":"Ubuntu:Pro:16.04:LTS","purl":"pkg:deb/ubuntu/gegl@0.3.4-1ubuntu2+esm1?arch=source&distro=esm-apps/xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["0.3.0-4ubuntu2","0.3.2-1ubuntu1","0.3.2-1ubuntu2","0.3.4-1ubuntu1","0.3.4-1ubuntu2","0.3.4-1ubuntu2+esm1"],"ecosystem_specific":{"binaries":[{"binary_name":"gegl","binary_version":"0.3.4-1ubuntu2+esm1"},{"binary_name":"libgegl-0.3-0","binary_version":"0.3.4-1ubuntu2+esm1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2018/UBUNTU-CVE-2018-10111.json"}},{"package":{"name":"gegl","ecosystem":"Ubuntu:Pro:18.04:LTS","purl":"pkg:deb/ubuntu/gegl@0.3.30-1ubuntu1+esm1?arch=source&distro=esm-apps/bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["0.3.20-1","0.3.20-3","0.3.24-1","0.3.28-3","0.3.30-1","0.3.30-1ubuntu1","0.3.30-1ubuntu1+esm1"],"ecosystem_specific":{"binaries":[{"binary_name":"gegl","binary_version":"0.3.30-1ubuntu1+esm1"},{"binary_name":"gir1.2-gegl-0.3","binary_version":"0.3.30-1ubuntu1+esm1"},{"binary_name":"libgegl-0.3-0","binary_version":"0.3.30-1ubuntu1+esm1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2018/UBUNTU-CVE-2018-10111.json"}},{"package":{"name":"gegl","ecosystem":"Ubuntu:Pro:20.04:LTS","purl":"pkg:deb/ubuntu/gegl@0.4.22-3ubuntu0.1~esm1?arch=source&distro=esm-apps/focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["0.4.14-1","0.4.18-1ubuntu1","0.4.18-2","0.4.18-2build1","0.4.22-1","0.4.22-3","0.4.22-3ubuntu0.1~esm1"],"ecosystem_specific":{"binaries":[{"binary_name":"gegl","binary_version":"0.4.22-3ubuntu0.1~esm1"},{"binary_name":"gir1.2-gegl-0.4","binary_version":"0.4.22-3ubuntu0.1~esm1"},{"binary_name":"libgegl-0.4-0","binary_version":"0.4.22-3ubuntu0.1~esm1"},{"binary_name":"libgegl-common","binary_version":"0.4.22-3ubuntu0.1~esm1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2018/UBUNTU-CVE-2018-10111.json"}},{"package":{"name":"gegl","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/gegl@1:0.4.34-1build1?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["1:0.4.32-1","1:0.4.32-2","1:0.4.34-1","1:0.4.34-1build1"],"ecosystem_specific":{"binaries":[{"binary_name":"gegl","binary_version":"1:0.4.34-1build1"},{"binary_name":"gir1.2-gegl-0.4","binary_version":"1:0.4.34-1build1"},{"binary_name":"libgegl-0.4-0","binary_version":"1:0.4.34-1build1"},{"binary_name":"libgegl-common","binary_version":"1:0.4.34-1build1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2018/UBUNTU-CVE-2018-10111.json"}},{"package":{"name":"gegl","ecosystem":"Ubuntu:24.04:LTS","purl":"pkg:deb/ubuntu/gegl@1:0.4.48-2.4build2?arch=source&distro=noble"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["1:0.4.44-3ubuntu1","1:0.4.46-4","1:0.4.48-1","1:0.4.48-2.4build1","1:0.4.48-2.4build2"],"ecosystem_specific":{"binaries":[{"binary_name":"gegl","binary_version":"1:0.4.48-2.4build2"},{"binary_name":"gir1.2-gegl-0.4","binary_version":"1:0.4.48-2.4build2"},{"binary_name":"libgegl-0.4-0t64","binary_version":"1:0.4.48-2.4build2"},{"binary_name":"libgegl-common","binary_version":"1:0.4.48-2.4build2"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2018/UBUNTU-CVE-2018-10111.json"}},{"package":{"name":"gegl","ecosystem":"Ubuntu:25.10","purl":"pkg:deb/ubuntu/gegl@1:0.4.62-3.1?arch=source&distro=questing"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["1:0.4.58-1","1:0.4.58-2","1:0.4.62-1","1:0.4.62-2","1:0.4.62-3","1:0.4.62-3.1"],"ecosystem_specific":{"binaries":[{"binary_name":"gegl","binary_version":"1:0.4.62-3.1"},{"binary_name":"gir1.2-gegl-0.4","binary_version":"1:0.4.62-3.1"},{"binary_name":"libgegl-0.4-0t64","binary_version":"1:0.4.62-3.1"},{"binary_name":"libgegl-common","binary_version":"1:0.4.62-3.1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2018/UBUNTU-CVE-2018-10111.json"}},{"package":{"name":"gegl","ecosystem":"Ubuntu:26.04","purl":"pkg:deb/ubuntu/gegl@1:0.4.70-1?arch=source&distro=resolute"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["1:0.4.62-3.1","1:0.4.64-1","1:0.4.64-2","1:0.4.66-2","1:0.4.66-3","1:0.4.68-1","1:0.4.70-1"],"ecosystem_specific":{"binaries":[{"binary_name":"gegl","binary_version":"1:0.4.70-1"},{"binary_name":"gir1.2-gegl-0.4","binary_version":"1:0.4.70-1"},{"binary_name":"libgegl-0.4-0t64","binary_version":"1:0.4.70-1"},{"binary_name":"libgegl-common","binary_version":"1:0.4.70-1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2018/UBUNTU-CVE-2018-10111.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}]}