CVE-2018-10114

Name of the Vulnerable Software and Affected Versions: GEGL versions prior to 0.3.32

Description: An issue in the gegl buffer iterate read simple function allows remote attackers to cause a denial of service or possibly have other impact via a malformed PPM file. This is related to improper restrictions on memory allocation in the ppm load read header function.

Recommendations: For GEGL versions prior to 0.3.32, update to version 0.3.32 or later to resolve the issue. As a temporary workaround, consider restricting the use of the ppm load read header function in operations/external/ppm-load.c to minimize the risk of exploitation. Avoid using the gegl buffer iterate read simple function in buffer/gegl-buffer-access.c with untrusted PPM files until the issue is resolved.