Heap-Based Buffer Overflow in GNOME gThumb and Linux Mint Pix
CVE-2019-20326

7.8HIGH

Key Information:

Vendor: Gnome
Status: Gthumb
Vendor: CVE Published:; 16 March 2020

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2019-20326?

A heap-based buffer overflow vulnerability exists in gThumb and Linux Mint Pix, allowing attackers to crash the application and possibly execute arbitrary code by exploiting specially crafted JPEG files. This weakness arises from the _cairo_image_surface_create_from_jpeg() function located in cairo-image-surface-jpeg.c. Users are encouraged to upgrade to fixed versions to mitigate this risk and safeguard their systems against potential exploits.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2019-20326
Created by Fysac

References

https://gitlab.gnome.org/GNOME/gthumb/commit/4faa5ce23588...

x_refsource_CONFIRM

https://gitlab.gnome.org/GNOME/gthumb/commit/ca8f528209ab...

x_refsource_CONFIRM

https://gitlab.gnome.org/GNOME/gthumb/commits/master/exte...

x_refsource_CONFIRM

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 16, 2020
🟡
Public PoC available
Jan 3, 2020
👾
Exploit known to exist
Jan 3, 2020
Vulnerability Reserved
Jan 2, 2020

Gnome

Badges

What is CVE-2019-20326?

Exploit Proof of Concept (PoC)

References

CVSS V3.1

Timeline