Bug 608808 (CVE-2010-2246) - CVE-2010-2246 Feh: Arbitrary code execution by viewing http images with reload set
Summary: CVE-2010-2246 Feh: Arbitrary code execution by viewing http images with reloa...
Keywords:
Status: CLOSED UPSTREAM
Alias: CVE-2010-2246
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard: public=20100625,reported=20100625,sou...
Depends On: 608809
Blocks:
TreeView+ depends on / blocked
 
Reported: 2010-06-28 17:32 UTC by Jan Lieskovsky
Modified: 2019-06-08 13:02 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2019-06-07 08:25:54 UTC


Attachments (Terms of Use)

Description Jan Lieskovsky 2010-06-28 17:32:58 UTC
An improper input sanitization flaw was found in the way feh,
the versatile and fast image viewer using imlib2, escaped URLs
to remote image files, to be reloaded. If a remote attacker could
trick the local user into opening a specially-crafted URL (where
that URL led to a valid file), it could lead to arbitrary code
execution with the privileges of the user running feh.

References:
  [1] http://bugs.gentoo.org/show_bug.cgi?id=325531
  [2] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=587205
  [3] http://linuxbrit.co.uk/software/feh/
  [4] https://derf.homelinux.org/projects/feh/changelog

Upstream patch:
  [5] https://derf.homelinux.org/git/feh/patch/?id=ae56ce24b10767800b1715e7e68b41c7d3571b4c

CVE Request:
  [6] http://www.openwall.com/lists/oss-security/2010/06/25/4

Public PoC:
  [7] feh --wget-timestamp 'https://derf.homelinux.org/stuff/bar`touch lol_hax`.jpg'

Comment 1 Jan Lieskovsky 2010-06-28 17:35:35 UTC
This issue affects the versions of the feh package, as shipped
with Fedora releases of 12 and 13.

Please fix.

Comment 2 Jan Lieskovsky 2010-06-28 17:36:38 UTC
Created feh tracking bugs for this issue

Affects: fedora-all [bug 608809]

Comment 3 Jan Lieskovsky 2010-06-29 14:26:36 UTC
CVE identifier of CVE-2010-2246 has been assigned to this.

Comment 4 Product Security DevOps Team 2019-06-07 08:25:54 UTC
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.


Note You need to log in before you can comment on or make changes to this bug.