Bug 1626148 (CVE-2018-16429)

Summary: CVE-2018-16429 glib2: Out-of-bounds read in g_markup_parse_context_parse() in gmarkup.c
Product: [Other] Security Response
Reporter: Pedro Sampaio <psampaio>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA
Severity: low
Priority: low
Version: unspecified
CC: 0xalen+redhat, akarshan.biswas, alexl, cschalle, gecko-bugs-nobody, jhorak, jkalliya, john.j5live, mclasen, mhroncok, rhughes, rstrode, slawomir, stransky, tiagomatos, walters, yaneti, yozone
Keywords: Security
Hardware: All
OS: Linux
Last Closed: 2021-10-25 22:16:10 UTC
Bug Depends On: 1626169, 1626172, 1626173, 1626174, 1626175, 1626176, 1626177, 1649605
Bug Blocks: 1626146

Description Pedro Sampaio 2018-09-06 16:29:32 UTC
GNOME GLib 2.56.1 has an out-of-bounds read vulnerability in g_markup_parse_context_parse() in gmarkup.c, related to utf8_str().

Upstream bug:

https://gitlab.gnome.org/GNOME/glib/issues/1361

Upstream patch:

https://gitlab.gnome.org/GNOME/glib/commit/cec71705406f0b2790422f0c1aa0ff3b4b464b1b

Comment 1 Pedro Sampaio 2018-09-06 17:06:38 UTC
Created chromium tracking bugs for this issue:

Affects: fedora-all [bug 1626173]


Created firefox tracking bugs for this issue:

Affects: fedora-all [bug 1626174]


Created glib2 tracking bugs for this issue:

Affects: fedora-all [bug 1626169]


Created thunderbird tracking bugs for this issue:

Affects: fedora-all [bug 1626176]

Comment 4 Huzaifa S. Sidhpurwala 2020-03-09 03:28:10 UTC
Mitigation:

Since the only affected code in this flaw is g_markup_parse_context_parse(), any application (compiled with glib2) that does not use this function, or any other function that calls this vulnerable code, is not affected by this flaw.
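One way to apply the check described in comment 4 on a deployed system, as an added example that is not part of the bug report or of GLib itself: the script below reports ELF binaries and shared objects whose dynamic symbol table imports g_markup_parse_context_parse, either directly or through one of the libraries that ldd resolves for them (which is how "any other function which calls this vulnerable code" usually enters a program). It assumes binutils (nm, with readelf as a fallback) and ldd are available; the function names are ours.

```sh
#!/bin/sh
# Added example, not code from the bug report or from GLib.
# Finds ELF objects that import g_markup_parse_context_parse so an admin can
# tell which installed programs the mitigation note in comment 4 covers.
# Assumes binutils (nm or readelf) and ldd are installed.

SYMBOL='g_markup_parse_context_parse'

# Reads symbol-table text on stdin, in either `nm -D` form
# ("                 U g_markup_parse_context_parse@GLIB_2.0") or
# `readelf --dyn-syms` form ("... GLOBAL DEFAULT  UND g_markup_parse_context_parse@GLIB_2.0"),
# and succeeds only if the symbol is listed as an *undefined* (imported) one.
# A library that defines the symbol (libglib itself, shown as "T") is not a caller.
references_markup_parser() {
    pattern="(^| )(U|UND) +${SYMBOL}(@|\$)"
    grep -Eq "$pattern"
}

# Succeeds if the ELF file given as $1 directly imports the symbol.
uses_markup_parser() {
    f=$1
    if command -v nm >/dev/null 2>&1; then
        nm -D --undefined-only "$f" 2>/dev/null | references_markup_parser
    elif command -v readelf >/dev/null 2>&1; then
        readelf -W --dyn-syms "$f" 2>/dev/null | references_markup_parser
    else
        echo "uses_markup_parser: neither nm nor readelf found" >&2
        return 2
    fi
}

# Succeeds if $1 imports the symbol itself or any library ldd resolves for it does.
# Prints the object that actually imports the symbol, so the path is visible.
uses_markup_parser_transitively() {
    f=$1
    if uses_markup_parser "$f"; then
        printf '%s (direct)\n' "$f"
        return 0
    fi
    # ldd lines look like "libgtk-3.so.0 => /usr/lib64/libgtk-3.so.0 (0x...)".
    for lib in $(ldd "$f" 2>/dev/null | awk '$2 == "=>" && $3 ~ /^\// { print $3 }'); do
        if uses_markup_parser "$lib"; then
            printf '%s (via %s)\n' "$f" "$lib"
            return 0
        fi
    done
    return 1
}

# Walks a directory tree and reports every executable or shared object that
# reaches the vulnerable function, directly or transitively.
scan_tree() {
    find "$1" -type f \( -perm -u+x -o -name '*.so*' \) 2>/dev/null |
    while IFS= read -r f; do
        uses_markup_parser_transitively "$f" || true
    done
}

# Usage: sh check_gmarkup.sh /usr/bin /usr/lib64
if [ "$#" -gt 0 ]; then
    for dir; do
        scan_tree "$dir"
    done
fi
```

Two limits worth keeping in mind when reading the output: a program that links GLib statically, or that resolves the function at run time with dlsym, carries no dynamic import and will not be listed; and a hit only shows that the parser is reachable from the binary, not that attacker-controlled markup is ever fed to it. Which tracking bugs cover a listed package is recorded in comment 1.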