Description of problem:

A heap-based buffer overflow in _cairo_image_surface_create_from_jpeg() in extensions/cairo_io/cairo-image-surface-jpeg.c in GNOME gThumb before 3.8.3 and Linux Mint Pix before 2.4.5 allows attackers to cause a crash and potentially execute arbitrary code via a crafted JPEG file.

This issue has been fixed in pix, but gthumb will need to be updated also.

See 27908

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1.
2.
3.
(In reply to Joseph Wang from comment #0)
> Description of problem:
>
> A heap-based buffer overflow in _cairo_image_surface_create_from_jpeg() in
> extensions/cairo_io/cairo-image-surface-jpeg.c in GNOME gThumb before 3.8.3
> and Linux Mint Pix before 2.4.5 allows attackers to cause a crash and
> potentially execute arbitrary code via a crafted JPEG file.
>
> This issue has been fixed in pix, but gthumb will need to be updated also.
>
> see 27908

Cauldron/8 has gthumb-3.11.1-2.mga8.src.rpm. Seems not affected.

In bug 27908 for Mageia 7, gthumb seems affected by core dump also:
/7.1/SRPMS/core/updates/gthumb-3.7.2-2.1.mga7.src.rpm

BUT the update for CVE-2019-20326 was supposed to be fixed in gthumb with mga#26084.
But Len Lawrence in Comment 4 of bug 27908 shows the opposite: a core dump with PoC.

Warning. Closing this as duplicate of 26084 and reopening it.

*** This bug has been marked as a duplicate of bug 26084 ***
Resolution: (none) => DUPLICATE
CC: (none) => ouaurelien
Version: Cauldron => 7
Status: NEW => RESOLVED