Your submission was sent successfully! Close

USN-2898-2: Eye of GNOME vulnerability

15 February 2016

Eye of GNOME could be made to crash or run programs as your login if it opened a specially crafted image.

Releases

Packages

  • eog - Eye of GNOME graphics viewer program

Details

It was discovered that Eye of GNOME incorrectly handled certain large
images. If a user were tricked into opening a specially-crafted image, a
remote attacker could use this issue to cause Eye of GNOME to crash,
resulting in a denial of service, or possibly execute arbitrary code.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 15.10
Ubuntu 14.04
Ubuntu 12.04

In general, a standard system update will make all the necessary changes.

References

Related notices

  • USN-2898-1: libgtk2.0-0, libgtk-3-0, libgtk2.0-common, libgail-doc, gtk+3.0, libgtk2.0-0-udeb, libgtk2.0-dev, libgtk2.0-doc, libgail-common, gtk2-engines-pixbuf, libgtk2.0-bin, gtk2.0-examples, gtk+2.0, libgail18, libgail-dev, gir1.2-gtk-2.0