CVE-2020-36427
Published 2021-07-19
CVE-2020-36427: GNOME gThumb before 3.10.1 allows an application crash via a malformed JPEG image.
Priority P4 · 16 · medium · 5.5 (CVSS 3.1)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS: 0.71% (48.8th percentile)
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | gthumb | < gthumb 3:3.11.1-0.1 (bookworm) | gthumb 3:3.11.1-0.1 (bookworm) |
| gnome | gthumb | < 3.10.1 | 3.10.1 |
| gnome | gthumb | >= 0 < 3:3.11.1-0.1 | 3:3.11.1-0.1 |
| gnome | gthumb | >= 0 < 3:3.11.1-0.1 | 3:3.11.1-0.1 |
| gnome | gthumb | >= 0 < 3:3.11.1-0.1 | 3:3.11.1-0.1 |
| gnome | gthumb | >= 0 < 3:3.11.1-0.1 | 3:3.11.1-0.1 |
| gnome | gthumb | >= 0 < 3:3.8.0-2.1ubuntu0.1 | 3:3.8.0-2.1ubuntu0.1 |
| gnome | gthumb | >= 0 < 3:3.4.3-1ubuntu0.1~esm1 | 3:3.4.3-1ubuntu0.1~esm1 |
| gnome | gthumb | >= 0 < 3:3.6.1-1ubuntu0.1~esm1 | 3:3.6.1-1ubuntu0.1~esm1 |
CVSS provenance
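| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P |
| osv | | 7.8 | HIGH | |
| vendor_ubuntu | | 7.8 | HIGH | |
| vendor_debian | | 5.5 | LOW | |
| vendor_redhat | | 5.5 | MEDIUM | |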
Ubuntu
gThumb vulnerabilities
vendor_ubuntu·2022-10-14·CVSS 7.8
CVE-2019-20326 [HIGH] gThumb vulnerabilities
Title: gThumb vulnerabilities
Summary: Several security issues were fixed in gThumb.
It was discovered that gThumb did not properly manage
memory under certain circumstances. An attacker could
possibly use this issue to cause gThumb to crash, resulting
in a denial of service, or possibly execute arbitrary code.
(CVE-2018-18718)
It was discovered that gThumb did not properly manage
memory when processing certain image files. If a user were
tricked into opening a specially crafted JPEG file, an
attacker could possibly use this issue to cause gThumb to
crash, resulting in a denial of service, or possibly
execute arbitrary code. (CVE-2019-20326)
It was discovered that gThumb did not properly handle
certain malformed image files. If a user were tricked into
opening a specially crafted JP
Ubuntu
gThumb vulnerabilities
vendor_ubuntu·2022-10-14·CVSS 7.8
CVE-2019-20326 [HIGH] gThumb vulnerabilities
Title: gThumb vulnerabilities
Summary: Several security issues were fixed in gThumb.
It was discovered that gThumb did not properly manage
memory when processing certain image files. If a user were
tricked into opening a specially crafted JPEG file, an
attacker could possibly use this issue to cause gThumb to
crash, resulting in a denial of service, or possibly
execute arbitrary code. (CVE-2019-20326)
It was discovered that gThumb did not properly handle
certain malformed image files. If a user were tricked into
opening a specially crafted JPEG file, an attacker could
possibly use this issue to cause gThumb to crash, resulting
in a denial of service. (CVE-2020-36427)
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
gthumb: DoS via malformed JPEG image
vendor_redhat·2020-09-20·CVSS 5.5
CVE-2020-36427 [MEDIUM] CWE-20 gthumb: DoS via malformed JPEG image
gthumb: DoS via malformed JPEG image
GNOME gThumb before 3.10.1 allows an application crash via a malformed JPEG image.
There's a flaw in gThumb. An attacker who is able to trick a victim into opening a specially crafted file with gThumb could trigger a crash via assertion failure or memory leak. The greatest impact of this flaw is to application availability.
Statement: This flaw is out of support scope for Red Hat Enterprise Linux 5 and 6. For more information on Red Hat Enterprise Linux support scope, please see https://access.redhat.com/support/policy/updates/errata/ .
Red Hat Enterprise Linux 7 and 8 are not affected because they do not ship gThumb.
Package: gthumb (Red Hat Enterprise Linux 6) - Out of support scope
Debian
CVE-2020-36427: gthumb - GNOME gThumb before 3.10.1 allows an application crash via a malformed JPEG imag...
vendor_debian·2020·CVSS 5.5
CVE-2020-36427 [MEDIUM] CVE-2020-36427: gthumb - GNOME gThumb before 3.10.1 allows an application crash via a malformed JPEG imag...
GNOME gThumb before 3.10.1 allows an application crash via a malformed JPEG image.
Scope: local
bookworm: resolved (fixed in 3:3.11.1-0.1)
bullseye: resolved (fixed in 3:3.11.1-0.1)
forky: resolved (fixed in 3:3.11.1-0.1)
sid: resolved (fixed in 3:3.11.1-0.1)
trixie: resolved (fixed in 3:3.11.1-0.1)
OSV
gThumb vulnerabilities
osv·2022-10-14·CVSS 7.8
CVE-2019-20326 [HIGH] gThumb vulnerabilities
gThumb vulnerabilities
It was discovered that gThumb did not properly manage
memory when processing certain image files. If a user were
tricked into opening a specially crafted JPEG file, an
attacker could possibly use this issue to cause gThumb to
crash, resulting in a denial of service, or possibly
execute arbitrary code. (CVE-2019-20326)
It was discovered that gThumb did not properly handle
certain malformed image files. If a user were tricked into
opening a specially crafted JPEG file, an attacker could
possibly use this issue to cause gThumb to crash, resulting
in a denial of service. (CVE-2020-36427)
OSV
gThumb vulnerabilities
osv·2022-10-14·CVSS 7.8
CVE-2018-18718 [HIGH] gThumb vulnerabilities
gThumb vulnerabilities
It was discovered that gThumb did not properly manage
memory under certain circumstances. An attacker could
possibly use this issue to cause gThumb to crash, resulting
in a denial of service, or possibly execute arbitrary code.
(CVE-2018-18718)
It was discovered that gThumb did not properly manage
memory when processing certain image files. If a user were
tricked into opening a specially crafted JPEG file, an
attacker could possibly use this issue to cause gThumb to
crash, resulting in a denial of service, or possibly
execute arbitrary code. (CVE-2019-20326)
It was discovered that gThumb did not properly handle
certain malformed image files. If a user were tricked into
opening a specially crafted JPEG file, an attacker could
possibly use this issue to cause gTh
GHSA
GHSA-vx5q-6vmv-w8gj: GNOME gThumb before 3
ghsa_unreviewed·2022-05-24
CVE-2020-36427 [MEDIUM] GHSA-vx5q-6vmv-w8gj: GNOME gThumb before 3
GNOME gThumb before 3.10.1 allows an application crash via a malformed JPEG image.
OSV
CVE-2020-36427: GNOME gThumb before 3
osv·2021-07-19·CVSS 5.5
CVE-2020-36427 [MEDIUM] CVE-2020-36427: GNOME gThumb before 3
GNOME gThumb before 3.10.1 allows an application crash via a malformed JPEG image.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2021-07-19