Vulnerability Details CVE-2018-20536
There is a heap-based buffer over-read at liblas::SpatialReference::GetGTIF() (spatialreference.cpp) in libLAS 1.8.1 that will cause a denial of service.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 51.7%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 4.3
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1652610
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3TPVZSUWM5TEAMCBL3Y7QLGQSLCCJFIT/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YFI3F3PRKPXOITWD47LF6ON4L5MJQQYM/
- https://bugzilla.redhat.com/show_bug.cgi?id=1652610
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3TPVZSUWM5TEAMCBL3Y7QLGQSLCCJFIT/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YFI3F3PRKPXOITWD47LF6ON4L5MJQQYM/