CVE-2018-16428

moderate-risk
Published 2018-09-04

In GNOME GLib 2.56.1, g_markup_parse_context_end_parse() in gmarkup.c has a NULL pointer dereference.

Do I need to act?

-
0.65% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
+
Fix available
Upgrade to: fccef3cc822af74699cca84cd202719ae61ca3b9
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (5)

Affected Vendors

Gnome Canonical

References (14)

http://www.openwall.com/lists/oss-security/2020/02/14/3
Third Party Advisory http://www.securityfocus.com/bid/105210
Patch https://gitlab.gnome.org/GNOME/glib/commit/fccef3cc822af74699cca84cd202719ae61ca...
Exploit https://gitlab.gnome.org/GNOME/glib/issues/1364
https://lists.debian.org/debian-lts-announce/2019/07/msg00029.html
Third Party Advisory https://usn.ubuntu.com/3767-1/
Third Party Advisory https://usn.ubuntu.com/3767-2/
http://www.openwall.com/lists/oss-security/2020/02/14/3
Third Party Advisory http://www.securityfocus.com/bid/105210
Patch https://gitlab.gnome.org/GNOME/glib/commit/fccef3cc822af74699cca84cd202719ae61ca...
Exploit https://gitlab.gnome.org/GNOME/glib/issues/1364
https://lists.debian.org/debian-lts-announce/2019/07/msg00029.html
Third Party Advisory https://usn.ubuntu.com/3767-1/
Third Party Advisory https://usn.ubuntu.com/3767-2/
46
/ 100
moderate-risk
Severity 32/34 · Critical
Exploitability 2/34 · Minimal
Exposure 12/34 · Low