Bug 1626145 (CVE-2018-16428)

Summary: CVE-2018-16428 glib2: NULL pointer dereference in g_markup_parse_context_end_parse() function in gmarkup.c
Product: [Other] Security Response Reporter: Pedro Sampaio <psampaio>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: 0xalen+redhat, abhgupta, akarshan.biswas, alexl, cschalle, dbaker, gecko-bugs-nobody, jhorak, john.j5live, jokerman, mclasen, mhroncok, rhughes, rstrode, slawomir, sthangav, stransky, tiagomatos, trankin, walters, yaneti, yozone
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2021-10-25 22:16:06 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1626162, 1626163, 1626164, 1626165, 1626166, 1626167, 1626168, 1649602    
Bug Blocks: 1626146    

Description Pedro Sampaio 2018-09-06 16:24:56 UTC
In GNOME GLib 2.56.1, g_markup_parse_context_end_parse() function in gmarkup.c has a NULL pointer dereference.

Upstream bug:

https://gitlab.gnome.org/GNOME/glib/issues/1364

Upstream patch:

https://gitlab.gnome.org/GNOME/glib/commit/fccef3cc822af74699cca84cd202719ae61ca3b9

Comment 3 Pedro Sampaio 2018-09-06 17:05:48 UTC
Created chromium tracking bugs for this issue:

Affects: fedora-all [bug 1626164]


Created firefox tracking bugs for this issue:

Affects: fedora-all [bug 1626165]


Created glib2 tracking bugs for this issue:

Affects: fedora-all [bug 1626162]


Created thunderbird tracking bugs for this issue:

Affects: fedora-all [bug 1626167]

Comment 6 Huzaifa S. Sidhpurwala 2020-03-09 03:26:14 UTC
Mitigation:

Since the only affected code in this flaw is g_markup_parse_context_end_parse(), any application (compiled with glib2) which does not use this function or any other function which calls this vulnerable code, is not affected by this flaw.