Reachable Assertion Affecting gegl package, versions <0:0.2.0-39.el8

Q: How to fix?

Upgrade RHEL:8 gegl to version 0:0.2.0-39.el8 or higher. This issue was patched in RHSA-2020:1577 .

Threat Intelligence

0.1% (43^rd percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk IDSNYK-RHEL8-GEGL-3667998
published26 Jul 2021
disclosed4 Apr 2018

Report a new vulnerability Found a mistake?

Introduced: 4 Apr 2018

CVE-2018-9303 (opens in a new tab) CWE-617 (opens in a new tab)

How to fix?

Upgrade RHEL:8 gegl to version 0:0.2.0-39.el8 or higher.
This issue was patched in RHSA-2020:1577.

NVD Description

Note: Versions mentioned in the description apply only to the upstream gegl package and not the gegl package as distributed by RHEL. See How to fix? for RHEL:8 relevant fixed versions and status.

In Exiv2 0.26, an assertion failure in BigTiffImage::readData in bigtiffimage.cpp results in an abort.

References

https://access.redhat.com/security/cve/CVE-2018-9303
https://security.gentoo.org/glsa/201811-14
https://github.com/xiaoqx/pocs/blob/master/exiv2/readme.md
https://access.redhat.com/errata/RHSA-2020:1577