Candidate: CVE-2019-20326
PublicDate: 2020-03-16 22:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20326
 https://gitlab.gnome.org/GNOME/gthumb/commit/14860321ce3235d420498c4f81f21003d1fb78f4 (3.8.3)
 https://gitlab.gnome.org/GNOME/gthumb/commit/4faa5ce2358812d23a1147953ee76f59631590ad (master)
Description:
 A heap-based buffer overflow in _cairo_image_surface_create_from_jpeg() in
 extensions/cairo_io/cairo-image-surface-jpeg.c in GNOME gThumb before 3.8.3
 and Linux Mint Pix before 2.4.5 allows attackers to cause a crash and
 potentially execute arbitrary code via a crafted JPEG file.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=948197
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H [7.8 HIGH]


Patches_gthumb:
upstream_gthumb: released (3:3.3.1-2.1+deb8u1)
precise/esm_gthumb: DNE
trusty_gthumb: ignored (out of standard support)
trusty/esm_gthumb: DNE
xenial_gthumb: ignored (end of standard support, was needed)
bionic_gthumb: needed
disco_gthumb: ignored (reached end-of-life)
eoan_gthumb: ignored (reached end-of-life)
focal_gthumb: needed
groovy_gthumb: ignored (reached end-of-life)
hirsute_gthumb: not-affected (3:3.8.3-0.1)
impish_gthumb: not-affected (3:3.8.3-0.1)
jammy_gthumb: not-affected (3:3.8.3-0.1)
devel_gthumb: not-affected (3:3.8.3-0.1)