CVE-2019-20326

A heap-based buffer overflow in cairoimagesurfacecreatefromjpeg() in extensions/cairo_io/cairo-image-surface-jpeg.c in GNOME gThumb before 3.8.3 and Linux Mint Pix before 2.4.5 allows attackers to cause a crash and potentially execute arbitrary code via a crafted JPEG file.

Database specific

{
    "unresolved_ranges": [
        {
            "source": "CPE_STRING",
            "cpes": [
                "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"
            ],
            "extracted_events": [
                {
                    "last_affected": "9.0"
                }
            ],
            "vendor_product": "debian:debian_linux"
        }
    ]
}

References

Affected packages

Git / github.com/gnome/gthumb

Affected ranges

Type

GIT

Repo

https://github.com/gnome/gthumb

Events

Introduced

Fixed

ca8f528209ab78935c30e42fe53bdf1a24f3cb44

Database specific

{
    "cpe": "cpe:2.3:a:gnome:gthumb:*:*:*:*:*:*:*:*",
    "source": "CPE_RANGE",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "3.8.3"
        }
    ]
}

Affected versions

2.*

2.13.2

2.13.3

2.13.90

2.13.91

2.90.1

2.90.2

2.90.3

3.*

3.0.0

3.0.1

3.1.1

3.1.2

3.1.3

3.1.4

3.2.0

3.3.2

3.3.3

3.3.4

3.4.0

3.4.1

3.5.1

3.5.2

3.5.3

3.5.4

3.6.0

3.6.1

3.7.1

3.7.2

3.8.0

3.8.1

3.8.2

Other

GTHUMB_2_10_0

GTHUMB_2_10_1

GTHUMB_2_11_1

GTHUMB_2_11_2

GTHUMB_2_11_2_1

GTHUMB_2_11_3

GTHUMB_2_11_4

GTHUMB_2_11_5

GTHUMB_2_11_6

GTHUMB_2_11_90

GTHUMB_2_11_91

GTHUMB_2_11_92

GTHUMB_2_12_0

GTHUMB_2_13_1

GTHUMB_2_4_0

GTHUMB_2_7_3

GTHUMB_2_7_4

GTHUMB_2_7_5

GTHUMB_2_7_5_1

GTHUMB_2_7_6

GTHUMB_2_7_7

GTHUMB_2_7_8

GTHUMB_2_7_9

GTHUMB_2_9_1

GTHUMB_2_9_2

GTHUMB_2_9_3

start

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-20326.json"

Git / github.com/linuxmint/pix

Affected ranges

Type

GIT

Repo

https://github.com/linuxmint/pix

Events

Introduced

Fixed

60e4d161aa6c58b5355bc285a6d0a06ee04a4991

Database specific

{
    "cpe": "cpe:2.3:a:linuxmint:pix:*:*:*:*:*:*:*:*",
    "source": "CPE_RANGE",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "2.4.5"
        }
    ]
}

Affected versions

1.*

1.0.1

1.0.2

1.0.3

1.0.4

1.0.5

1.0.6

1.2.0

1.2.1

1.4.0

1.4.1

1.4.2

1.4.3

1.4.4

1.4.5

1.6.0

1.6.1

1.6.2

1.8.0

1.8.1

1.8.2

2.*

2.0.0

2.0.1

2.0.2

2.0.3

2.2.0

2.2.1

2.4.0

2.4.1

2.4.2

2.4.3

2.4.4

master.*

master.mint18

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-20326.json"

Git / gitlab.gnome.org/gnome/gthumb

Affected ranges

Type

GIT

Repo

https://gitlab.gnome.org/gnome/gthumb

Events

Introduced

Fixed

4faa5ce2358812d23a1147953ee76f59631590ad

Fixed

ca8f528209ab78935c30e42fe53bdf1a24f3cb44

Database specific

{
    "source": "REFERENCES"
}

Affected versions

2.*

2.13.2

2.13.3

2.13.90

2.13.91

2.90.1

2.90.2

2.90.3

3.*

3.0.0

3.0.1

3.1.1

3.1.2

3.1.3

3.1.4

3.2.0

3.3.2

3.3.3

3.3.4

3.4.0

3.4.1

3.5.1

3.5.2

3.5.3

3.5.4

3.6.0

3.6.1

3.7.1

3.7.2

3.8.0

3.8.1

3.8.2

Other

GTHUMB_2_10_0

GTHUMB_2_10_1

GTHUMB_2_11_1

GTHUMB_2_11_2

GTHUMB_2_11_2_1

GTHUMB_2_11_3

GTHUMB_2_11_4

GTHUMB_2_11_5

GTHUMB_2_11_6

GTHUMB_2_11_90

GTHUMB_2_11_91

GTHUMB_2_11_92

GTHUMB_2_12_0

GTHUMB_2_13_1

GTHUMB_2_4_0

GTHUMB_2_7_3

GTHUMB_2_7_4

GTHUMB_2_7_5

GTHUMB_2_7_5_1

GTHUMB_2_7_6

GTHUMB_2_7_7

GTHUMB_2_7_8

GTHUMB_2_7_9

GTHUMB_2_9_1

GTHUMB_2_9_2

GTHUMB_2_9_3

start

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-20326.json"