CVE-2019-20326

HIGH

GNOME gThumb < 3.8.3 - Heap-Based Buffer Overflow in JPEG Image Processing

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-20326. PoCs published by Fysac.

AI-analyzed exploit summary This repository provides a detailed technical analysis of CVE-2019-20326, a heap buffer overflow in GNOME gThumb and Linux Mint Pix due to inconsistent dimension handling in the `cairo_io` module. It includes a proof-of-concept JPEG file and AddressSanitizer output demonstrating the vulnerability.

Description

A heap-based buffer overflow in _cairo_image_surface_create_from_jpeg() in extensions/cairo_io/cairo-image-surface-jpeg.c in GNOME gThumb before 3.8.3 and Linux Mint Pix before 2.4.5 allows attackers to cause a crash and potentially execute arbitrary code via a crafted JPEG file.

Exploits (1)

nomisec WRITEUP 1 stars

by Fysac · poc

https://github.com/Fysac/CVE-2019-20326

View Code ZIP pw:eip

This repository provides a detailed technical analysis of CVE-2019-20326, a heap buffer overflow in GNOME gThumb and Linux Mint Pix due to inconsistent dimension handling in the `cairo_io` module. It includes a proof-of-concept JPEG file and AddressSanitizer output demonstrating the vulnerability.

Classification

Writeup 100%

Attack Type

Dos

Complexity

Moderate

Reliability

Reliable

Target: GNOME gThumb < 3.8.3, Linux Mint Pix < 2.4.5

No auth needed

Prerequisites: A maliciously crafted JPEG file with dimensions exceeding 32767 pixels

MITRE ATT&CK