Your submission was sent successfully! Close

CVE-2019-20326

Published: 16 March 2020

A heap-based buffer overflow in _cairo_image_surface_create_from_jpeg() in extensions/cairo_io/cairo-image-surface-jpeg.c in GNOME gThumb before 3.8.3 and Linux Mint Pix before 2.4.5 allows attackers to cause a crash and potentially execute arbitrary code via a crafted JPEG file.

Priority

Medium

CVSS 3 base score: 7.8

Status

Package Release Status
gthumb
Launchpad, Ubuntu, Debian
bionic Needed

disco Ignored
(reached end-of-life)
eoan Ignored
(reached end-of-life)
focal
Released (3:3.8.0-2.1ubuntu0.1)
groovy Ignored
(reached end-of-life)
hirsute Not vulnerable
(3:3.8.3-0.1)
impish Not vulnerable
(3:3.8.3-0.1)
jammy Not vulnerable
(3:3.8.3-0.1)
kinetic Not vulnerable
(3:3.8.3-0.1)
precise Does not exist

trusty Does not exist

upstream
Released (3:3.3.1-2.1+deb8u1)
xenial Ignored
(end of standard support, was needed)