Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
f5F5F5:K18407453
HistoryApr 25, 2022 - 12:00 a.m.

K18407453 : Glib vulnerabilities CVE-2018-10767, CVE-2019-12450, and CVE-2019-19126

2022-04-2500:00:00
my.f5.com
45
glib
vulnerabilities
buffer over-read
file permissions
security advisory

AI Score

7.2

Confidence

Low

EPSS

0.015

Percentile

87.1%

JSON

Security Advisory Description

There is a stack-based buffer over-read in calling GLib in the function gxps_images_guess_content_type of gxps-images.c in libgxps through 0.3.0 because it does not reject negative return values from a g_input_stream_read call. A crafted input will lead to a remote denial of service attack.

file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file permissions while a copy operation is in progress. Instead, default permissions are used.

On the x86-64 architecture, the GNU C Library (aka glibc) before 2.31 fails to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition, allowing local attackers to restrict the possible mapping addresses for loaded libraries and thus bypass ASLR for a setuid program.

Impact

There is no impact; F5 products are not affected by this vulnerability.

Related

nessus 71
openvas 36
fedora 5
redhatcve 4
cvelist 4
ubuntucve 4
oraclelinux 5
redhat 8
ibm 6
debian 3
mageia 2
prion 4
debiancve 4
nvd 4
cve 4
osv 6
cbl_mariner 3
veracode 3
centos 3
amazon 7
ubuntu 3
cloudfoundry 2
suse 1
alpinelinux 1
rosalinux 1
photon 5
nessus
nessus
SUSE SLED15 / SLES15 Security Update : glibc (SUSE-SU-2020:0262-1)
2020-01-31 00:00:00
Scientific Linux Security Update : glibc on SL7.x x86_64 (20201001)
2020-10-21 00:00:00
Oracle Linux 7 : glibc (ELSA-2020-3861)
2023-09-07 00:00:00
openvas
openvas
Fedora: Security Advisory for glibc (FEDORA-2020-1a3bdfde17)
2020-01-27 00:00:00
Fedora: Security Advisory for glibc (FEDORA-2020-c32e4b271c)
2020-02-06 00:00:00
Mageia: Security Advisory (MGASA-2019-0349)
2022-01-28 00:00:00
fedora
fedora
[SECURITY] Fedora 30 Update: glibc-2.29-28.fc30
2020-02-06 01:02:49
[SECURITY] Fedora 31 Update: glibc-2.30-10.fc31
2020-01-20 22:49:03
[SECURITY] Fedora 30 Update: glib2-2.60.4-1.fc30
2019-06-17 18:29:34
redhatcve
redhatcve
CVE-2019-19126
2019-11-20 17:37:39
CVE-2018-10767
2018-05-09 04:49:17
CVE-2019-12450
2019-12-29 21:44:45
cvelist
cvelist
CVE-2019-19126
2019-11-19 00:00:00
CVE-2019-12450
2019-05-29 16:16:14
CVE-2018-10767
2018-05-06 23:00:00
ubuntucve
ubuntucve
CVE-2019-19126
2019-11-19 00:00:00
CVE-2019-12450
2019-05-29 00:00:00
CVE-2018-10767
2018-05-06 00:00:00
oraclelinux
oraclelinux
glibc security, bug fix, and enhancement update
2020-05-05 00:00:00
glib2 security, bug fix, and enhancement update
2019-11-14 00:00:00
glib2 and ibus security and bug fix update
2020-10-06 00:00:00
redhat
redhat
(RHSA-2020:3861) Low: glibc security, bug fix, and enhancement update
2020-09-29 07:38:28
(RHSA-2020:1828) Low: glibc security, bug fix, and enhancement update
2020-04-28 09:21:20
(RHSA-2019:3530) Moderate: glib2 security, bug fix, and enhancement update
2019-11-05 17:56:44
ibm
ibm
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a security restrictions bypass in GNU C Library (CVE-2019-19126)
2023-01-12 21:59:00
Security Bulletin: IBM Security Privileged Identity Manager is affected by security vulnerabilities (CVE-2019-12450)
2021-08-04 17:37:31
Security Bulletin: IBM Security Privileged Identity Manager is affected by security vulnerabilities (CVE-2019-12450)
2021-08-04 17:56:39
debian
debian
[SECURITY] [DLA 1826-1] glib2.0 security update
2019-06-18 20:47:44
[SECURITY] [DLA 1866-1] glib2.0 security update
2019-07-31 18:51:21
[SECURITY] [DLA 3152-1] glibc security update
2022-10-17 15:54:41
mageia
mageia
Updated glibc packages fix security vulnerability
2019-11-30 16:06:06
Updated glib2.0 packages fix security vulnerability
2019-11-30 16:06:06
prion
prion
Code injection
2019-11-19 22:15:00
Default credentials
2019-05-29 17:29:00
Stack overflow
2018-05-06 23:29:00
debiancve
debiancve
CVE-2019-19126
2019-11-19 22:15:11
CVE-2019-12450
2019-05-29 17:29:00
CVE-2018-10767
2018-05-06 23:29:00
nvd
nvd
CVE-2019-19126
2019-11-19 22:15:11
CVE-2018-10767
2018-05-06 23:29:00
CVE-2019-12450
2019-05-29 17:29:00
cve
cve
CVE-2019-19126
2019-11-19 22:15:11
CVE-2019-12450
2019-05-29 17:29:00
CVE-2018-10767
2018-05-06 23:29:00
osv
osv
CVE-2018-10767
2018-05-06 23:29:00
CVE-2019-12450
2019-05-29 17:29:00
CVE-2019-19126
2019-11-19 22:15:11
cbl_mariner
cbl_mariner
CVE-2019-12450 affecting package glib 2.58.0-10
2020-09-09 06:09:08
CVE-2019-19126 affecting package glibc 2.28-24
2020-11-30 19:30:47
CVE-2019-12450 affecting package glib for versions less than 2.60.1-5
2022-04-09 06:51:45
veracode
veracode
Arbitrary Code Execution
2020-10-01 03:50:18
Insecure File Permissions
2019-11-06 00:21:01
Denial Of Service (DOS)
2019-05-16 03:19:05
centos
centos
glibc, nscd security update
2020-10-20 18:07:43
glib2, ibus security update
2020-10-20 18:07:15
PackageKit, accountsservice, adwaita, appstream, at, atk, baobab, bolt, brasero, cairo, cheese, clutter, compat, control, dconf, devhelp, ekiga, empathy, eog, evince, evolution, file, flatpak, folks, fontconfig, freetype, fribidi, fwupd, fwupdate, gcr, gdk, gdm, gedit, geoclue2, geocode, gjs, glade, glib, glib2, glibmm24, gnome, gnote, gobject, gom, google, grilo, gsettings, gspell, gssdp, gstreamer1, gtk, gtk3, gtksourceview3, gucharmap, gupnp, gvfs, harfbuzz, json, libappstream, libchamplain, libcroco, libgdata, libgee, libgepub, libgexiv2, libgnomekbd, libgovirt, libgtop2, libgweather, libgxps, libical, libmediaart, libosinfo, libpeas, librsvg2, libsecret, libsoup, libwayland, libwnck3, mozjs52, mutter, nautilus, openchange, osinfo, pango, poppler, python2, rest, rhythmbox, seahorse, shotwell, sushi, totem, upower, vala, valadoc, vino, vte, vte291, wayland, webkitgtk4, xdg, yelp, zenity security update
2018-11-15 18:43:07
amazon
amazon
Medium: glib2
2019-08-07 23:00:00
Medium: glib2
2020-11-09 17:10:00
Medium: glib2
2019-09-13 23:17:00
ubuntu
ubuntu
GLib vulnerability
2019-06-10 00:00:00
GLib vulnerability
2019-06-11 00:00:00
GNU C Library vulnerabilities
2020-07-06 00:00:00
cloudfoundry
cloudfoundry
USN-4014-1: GLib vulnerability | Cloud Foundry
2019-06-18 00:00:00
USN-4416-1: GNU C Library vulnerabilities | Cloud Foundry
2020-08-27 00:00:00
suse
suse
Security update for glib2 (important)
2019-06-27 00:00:00
alpinelinux
alpinelinux
CVE-2019-12450
2019-05-29 17:29:00
rosalinux
rosalinux
Advisory ROSA-SA-2021-1872
2021-07-02 17:14:36
photon
photon
Critical Photon OS Security Update - PHSA-2019-0018
2019-06-12 00:00:00
Critical Photon OS Security Update - PHSA-2019-3.0-0018
2019-06-12 00:00:00
Important Photon OS Security Update - PHSA-2020-0103
2020-06-12 00:00:00

AI Score

7.2

Confidence

Low

EPSS

0.015

Percentile

87.1%

JSON
Related for F5:K18407453
nessus71openvas36fedora5redhatcve4cvelist4ubuntucve4oraclelinux5redhat8ibm6debian3mageia2prion4debiancve4nvd4cve4osv6cbl_mariner3veracode3centos3amazon7ubuntu3cloudfoundry2suse1alpinelinux1rosalinux1photon5