Bug 28401

Summary: gthumb new security issue CVE-2019-20326
Product: Mageia
Reporter: Joseph Wang <joequant>
Component: RPM Packages
Assignee: Mageia Bug Squad <bugsquad>
Status: RESOLVED DUPLICATE
QA Contact:
Severity: major
Priority: Normal
CC: ouaurelien
Version: 7
Target Milestone: ---
Hardware: All
OS: Linux
Whiteboard:
Source RPM:
CVE:
Status comment:

Description Joseph Wang 2021-02-21 17:09:18 CET
Description of problem:

A heap-based buffer overflow in _cairo_image_surface_create_from_jpeg() in extensions/cairo_io/cairo-image-surface-jpeg.c in GNOME gThumb before 3.8.3 and Linux Mint Pix before 2.4.5 allows attackers to cause a crash and potentially execute arbitrary code via a crafted JPEG file.

This issue has been fixed in pix, but gthumb will need to be updated also.

see 27908


Comment 1 Aurelien Oudelet 2021-02-21 20:06:26 CET
(In reply to Joseph Wang from comment #0)
> Description of problem:
> 
> A heap-based buffer overflow in _cairo_image_surface_create_from_jpeg() in
> extensions/cairo_io/cairo-image-surface-jpeg.c in GNOME gThumb before 3.8.3
> and Linux Mint Pix before 2.4.5 allows attackers to cause a crash and
> potentially execute arbitrary code via a crafted JPEG file.
> 
> This issue has been fixed in pix, but gthumb will need to be updated also.
> 
> see 27908

Cauldron/8 has gthumb-3.11.1-2.mga8.src.rpm.
Seems not affected.

In bug 27908 for Mageia 7, gthumb seems affected by core dump also:
/7.1/SRPMS/core/updates/gthumb-3.7.2-2.1.mga7.src.rpm

BUT the update for CVE-2019-20326 was supposed to be fixed in gthumb with mga#26084.
But Len Lawrence in Comment 4 of bug 27908 shows the opposite: a core dump with PoC. Warning. Closing this as a duplicate of 26084 and reopening it.

*** This bug has been marked as a duplicate of bug 26084 ***

Resolution: (none) => DUPLICATE
CC: (none) => ouaurelien
Version: Cauldron => 7
Status: NEW => RESOLVED