** Bug watch added: gitlab.gnome.org/GNOME/gdk-pixbuf/issues #95 https://gitlab.gnome.org/GNOME/gdk-pixbuf/issues/95
** Also affects: choreographics via https://gitlab.gnome.org/GNOME/gdk-pixbuf/issues/95 Importance: Unknown Status: Unknown ** Project changed: choreographics => gdk-pixbuf ** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to eog in Ubuntu. https://bugs.launchpad.net/bugs/1797161 Title: GNOME Image Viewer (EOG): invalid XPM file causes dynamic memory allocation Status in gdk-pixbuf: Unknown Status in eog package in Ubuntu: New Status in gdk-pixbuf package in Ubuntu: New Bug description: Summary Loading a specially crafted (invalid) XPM file, an attacker is able to crash the whole system, since too much dynamic memory is allocated. Test environment $ eog --version GNOME Image Viewer 3.28.1 Distributor ID: Ubuntu Description: Ubuntu 18.04.1 LTS Release: 18.04 Codename: bionic Steps to reproduce 1) Open a terminal and start the 'top' program to see the memory usage a program uses 2) Open a second terminal a) Execute: $ eog eog_ctrl_mem.xpm b) Observe how dynamic memory allocation increases by Eye of Gnome in terminal 1). Depending on the available resources, the system can crash. Note: If the system is crashing/swapping depends on the available physical memory and the amount of resources other applications already has allocated on the system. I have experimented in a virtual box and it was easy to crash by changing the with and height parameters in the XPM file. Are other programs affected and how they behave? I have tested (GNU Image Manipulation Program version 2.8.22), which simply rejects the file with an error message and no additional memory is allocated. Error Message from Gimp: "Opening 'eog_ctrl_mem.xpm' failed: X PixMap image plug-In could not open image" Potential vulnerability An attacker could prepare an invalid XPM-file (e.g. eog_ctrl_mem.xpm). In case the user opens the file by double clicking, the system is able to crash due to the huge amount of memory allocated. Since Eye of Gnome is the default viewer on Ubuntu this is likely. Best regards Martin Ettl To manage notifications about this bug go to: https://bugs.launchpad.net/gdk-pixbuf/+bug/1797161/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp