Bug 28401 - gthumb new security issue CVE-2019-20326
Summary: gthumb new security issue CVE-2019-20326
Status: RESOLVED DUPLICATE of bug 26084
Alias: None
Product: Mageia
Classification: Unclassified
Component: RPM Packages
Version: 7
Hardware: All Linux
Priority: Normal major
Target Milestone: ---
Assignee: Mageia Bug Squad
QA Contact:
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2021-02-21 17:09 CET by Joseph Wang
Modified: 2021-02-21 20:06 CET

See Also:
Source RPM:
CVE:
Status comment:



Description Joseph Wang 2021-02-21 17:09:18 CET
Description of problem:

A heap-based buffer overflow in _cairo_image_surface_create_from_jpeg() in extensions/cairo_io/cairo-image-surface-jpeg.c in GNOME gThumb before 3.8.3 and Linux Mint Pix before 2.4.5 allows attackers to cause a crash and potentially execute arbitrary code via a crafted JPEG file.

This issue has been fixed in pix, but gthumb will need to be updated also.

see 27908


Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.
Comment 1 Aurelien Oudelet 2021-02-21 20:06:26 CET
(In reply to Joseph Wang from comment #0)
> Description of problem:
> 
> A heap-based buffer overflow in _cairo_image_surface_create_from_jpeg() in
> extensions/cairo_io/cairo-image-surface-jpeg.c in GNOME gThumb before 3.8.3
> and Linux Mint Pix before 2.4.5 allows attackers to cause a crash and
> potentially execute arbitrary code via a crafted JPEG file.
> 
> This issue has been fixed in pix, but gthumb will need to be updated also.
> 
> see 27908

Cauldron/8 has gthumb-3.11.1-2.mga8.src.rpm.
Seems not affected.

In bug 27908 for Mageia 7, gthumb seems affected by core dump also:
/7.1/SRPMS/core/updates/gthumb-3.7.2-2.1.mga7.src.rpm

BUT, the update for CVE-2019-20326 was supposed to be fixed in gthumb with mga#26084.
But Len Lawrence in Comment 4 of bug 27908 shows the opposite: a core dump with PoC. Warning. Closing this as duplicate of 26084 and reopening it.

*** This bug has been marked as a duplicate of bug 26084 ***

Resolution: (none) => DUPLICATE
CC: (none) => ouaurelien
Version: Cauldron => 7
Status: NEW => RESOLVED

