An out-of-bounds write vulnerability in eog was found when processing specially crafted SVG file. Due to passing the error message containing invalid UTF-8 character to GMarkup, out-of-bounds access is triggered. Upstream bug: https://bugzilla.gnome.org/show_bug.cgi?id=770143 Upstream patch: https://git.gnome.org/browse/eog/commit/?id=e99a8c00f959652fe7c10e2fa5a3a7a5c25e6af4
Created eog tracking bugs for this issue: Affects: fedora-all [bug 1369088]
Created attachment 1193475 [details] upstream patch
eog-3.20.4-1.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.
eog-3.18.3-1.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.