1794132 – (CVE-2019-20326) CVE-2019-20326 gthumb: heap-based buffer overflow in _cairo_image_surface_create_from_jpeg in extensions/cairo_io/cairo-image-surface-jpeg.c

Bug 1794132 (CVE-2019-20326) - CVE-2019-20326 gthumb: heap-based buffer overflow in _cairo_image_surface_create_from_jpeg in extensions/cairo_io/cairo-image-surface-jpeg.c

Summary: CVE-2019-20326 gthumb: heap-based buffer overflow in _cairo_image_surface_cre...

Keywords:
Status:	CLOSED NOTABUG
Alias:	CVE-2019-20326
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1796911 1796910
Blocks:	1794137
TreeView+	depends on / blocked

Reported:	2020-01-22 18:14 UTC by Guilherme de Almeida Suckevicz
Modified:	2021-02-16 20:43 UTC (History)
CC List:	8 users (show)
Fixed In Version:	gthumb 3.8.3
Doc Type:	If docs needed, set a value
Doc Text:	A heap-based buffer overflow was found in the way gThumb rendered certain JPEG images. An attacker could use a specially crafted JPEG image to cause gThumb to crash or execute arbitrary code with the permission of the user running gThumb.
Clone Of:
Environment:
Last Closed:	2020-02-20 05:29:01 UTC
Embargoed:

Attachments	(Terms of Use)

Description Guilherme de Almeida Suckevicz 2020-01-22 18:14:31 UTC

A heap-based buffer overflow in _cairo_image_surface_create_from_jpeg() in extensions/cairo_io/cairo-image-surface-jpeg.c in gThumb and Pix allows attackers to cause a crash and potentially execute arbitrary code via a crafted JPEG file.

References and upstream commits:
https://gitlab.gnome.org/GNOME/gthumb/commit/4faa5ce2358812d23a1147953ee76f59631590ad
https://gitlab.gnome.org/GNOME/gthumb/commit/14860321ce3235d420498c4f81f21003d1fb78f4

Comment 1 Guilherme de Almeida Suckevicz 2020-01-31 13:37:42 UTC

Created gthumb tracking bugs for this issue:

Affects: epel-7 [bug 1796911]
Affects: fedora-all [bug 1796910]

Comment 2 Huzaifa S. Sidhpurwala 2020-02-20 05:29:05 UTC

Statement:

The vulnerable code was introduced in gthumb 2.13.2. Therefore the versions of gthumb package shipped with Red Hat Enterprise Linux 5 and 6 are not affected by this flaw.

Note You need to log in before you can comment on or make changes to this bug.