CVE-2019-20326

Published: 16/03/2020 Updated: 14/09/2021
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 606
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

A heap-based buffer overflow in _cairo_image_surface_create_from_jpeg() in extensions/cairo_io/cairo-image-surface-jpeg.c in GNOME gThumb prior to 3.8.3 and Linux Mint Pix prior to 2.4.5 allows malicious users to cause a crash and potentially execute arbitrary code via a crafted JPEG file.

Vulnerable Product

gnome gthumb

linuxmint pix

debian debian linux 9.0

Vendor Advisories

Several security issues were fixed in gThumb ...
Debian Bug report logs - #948197
gthumb: CVE-2019-20326: Heap buffer overflow
Package: src:gthumb; Maintainer for src:gthumb is Herbert Parentes Fortes Neto <hpfn@debian.org>
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Sun, 5 Jan 2020 08:33:01 UTC
Severity: important
Tags: fixed-upstream, security, ...