A heap-based buffer overflow in cairoimagesurfacecreatefromjpeg() in extensions/cairo_io/cairo-image-surface-jpeg.c in GNOME gThumb before 3.8.3 and Linux Mint Pix before 2.4.5 allows attackers to cause a crash and potentially execute arbitrary code via a crafted JPEG file.
{ "vanir_signatures": [ { "source": "https://gitlab.gnome.org/GNOME/gthumb@4faa5ce2358812d23a1147953ee76f59631590ad", "deprecated": false, "signature_version": "v1", "signature_type": "Function", "id": "CVE-2019-20326-6b08bd8c", "digest": { "function_hash": "190570146874380948005349743122422906983", "length": 8044.0 }, "target": { "file": "extensions/cairo_io/cairo-image-surface-jpeg.c", "function": "_cairo_image_surface_create_from_jpeg" } }, { "source": "https://gitlab.gnome.org/GNOME/gthumb@4faa5ce2358812d23a1147953ee76f59631590ad", "deprecated": false, "signature_version": "v1", "signature_type": "Line", "id": "CVE-2019-20326-79793538", "digest": { "line_hashes": [ "119438977438693461586803994384772530619", "35480740089566270441978501549344572455", "71838117151021891516671634119327474900", "217176081343619004235656596112380682561", "205033367727630419954142509132989122390", "143010593354799700167530627847400656740", "149320870513665802398502119708311684098", "17475053439708773680783958071435119823", "303870756471842143342079490926129850173", "153048170157115873281206117439286798967", "83624499265539377306288489177279371166", "206214604271297775734010960376675665223", "208741833267028193460264524786318343454", "72645997754060486035610160453070481149", "38131006209269867587344459051192266802", "89972704049667351032153708917157786752", "303870756471842143342079490926129850173", "153048170157115873281206117439286798967", "83624499265539377306288489177279371166", "206214604271297775734010960376675665223", "159633334276651413161869510554762467033", "72645997754060486035610160453070481149", "38131006209269867587344459051192266802", "89972704049667351032153708917157786752", "303870756471842143342079490926129850173", "153048170157115873281206117439286798967", "83624499265539377306288489177279371166", "206214604271297775734010960376675665223", "190849595097629602552183065200181229011", "72645997754060486035610160453070481149", "38131006209269867587344459051192266802", "89972704049667351032153708917157786752", "303870756471842143342079490926129850173", "153048170157115873281206117439286798967", "83624499265539377306288489177279371166", "206214604271297775734010960376675665223", "190849595097629602552183065200181229011", "72645997754060486035610160453070481149", "38131006209269867587344459051192266802", "89972704049667351032153708917157786752", "303870756471842143342079490926129850173", "153048170157115873281206117439286798967", "83624499265539377306288489177279371166", "206214604271297775734010960376675665223", "208741833267028193460264524786318343454", "72645997754060486035610160453070481149", "38131006209269867587344459051192266802", "89972704049667351032153708917157786752" ], "threshold": 0.9 }, "target": { "file": "extensions/cairo_io/cairo-image-surface-jpeg.c" } } ] }