CVE-2019-20326

7.8HIGH

Key Information:

Vendor
Gnome
Status
Gthumb
Vendor
CVE Published:
16 March 2020

Badges

👾 Exploit Exists🟡 Public PoC

Summary

A heap-based buffer overflow in _cairo_image_surface_create_from_jpeg() in extensions/cairo_io/cairo-image-surface-jpeg.c in GNOME gThumb before 3.8.3 and Linux Mint Pix before 2.4.5 allows attackers to cause a crash and potentially execute arbitrary code via a crafted JPEG file.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2019-20326
Created by Fysac

References

https://gitlab.gnome.org/GNOME/gthumb/commit/4faa5ce23588...
x_refsource_CONFIRM
https://gitlab.gnome.org/GNOME/gthumb/commit/ca8f528209ab...
x_refsource_CONFIRM
https://gitlab.gnome.org/GNOME/gthumb/commits/master/exte...
x_refsource_CONFIRM

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability Reserved

.