Summary
A heap-based buffer overflow in _cairo_image_surface_create_from_jpeg() in extensions/cairo_io/cairo-image-surface-jpeg.c in gThumb and Pix allows attackers to cause a crash and potentially execute arbitrary code via a crafted JPEG file.
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20326
Affected versions
The issue affects all versions of Pix prior to version 2.4.5.
Fixed versions
This issue is fixed in Pix 2.4.5 and later versions.
References
Pix commits between 2.4.4 and 2.4.5: https://github.com/linuxmint/pix/commits/master