*** This bug is a security vulnerability ***

You have been subscribed to a public security bug by Marc Deslauriers 
(mdeslaur):

Summary

By loading a specially crafted (invalid) XPM file, an attacker is able to
crash the whole system, since too much dynamic memory is allocated.

Test environment

$ eog --version
GNOME Image Viewer 3.28.1

Distributor ID: Ubuntu
Description:    Ubuntu 18.04.1 LTS
Release:        18.04
Codename:       bionic

Steps to reproduce
1) Open a terminal and start the 'top' program to see how much memory a 
program uses
2) Open a second terminal
  a) Execute: $ eog eog_ctrl_mem.xpm
  b) Observe how dynamic memory allocation by Eye of Gnome increases in 
terminal 1). Depending on the available resources, the system can crash.

Note: Whether the system crashes/swaps depends on the available
physical memory and the amount of resources other applications have
already allocated on the system. I have experimented in a virtual box and
it was easy to crash by changing the width and height parameters in the XPM
file.

Are other programs affected and how do they behave?

I have tested GNU Image Manipulation Program version 2.8.22, which simply 
rejects the file with an error message and no additional memory is allocated.
Error Message from Gimp:
"Opening 'eog_ctrl_mem.xpm' failed: X PixMap image plug-In could not open image"

Potential vulnerability

An attacker could prepare an invalid XPM file (e.g. eog_ctrl_mem.xpm).
If the user opens the file by double-clicking, the system can crash
due to the huge amount of memory allocated. Since Eye of Gnome
is the default viewer on Ubuntu, this is likely.

Best regards

Martin Ettl

** Affects: gdk-pixbuf
     Importance: Unknown
         Status: Unknown

** Affects: eog (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: gdk-pixbuf (Ubuntu)
     Importance: Undecided
         Status: New

-- 
GNOME Image Viewer (EOG): invalid XPM file causes dynamic memory allocation
https://bugs.launchpad.net/bugs/1797161
You received this bug notification because you are a member of Ubuntu Bugs, 
which is subscribed to the bug report.

-- 
ubuntu-bugs mailing list
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
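
Added example, not part of the original report and not gdk-pixbuf's code: the report ties the memory exhaustion to the width and height parameters of the XPM file, so a decoder can bound the XPM values string ("<width> <height> <ncolors> <chars_per_pixel>") before allocating anything. The function names and all limits below are assumptions chosen for illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>

/* Assumed policy limits for this example, not values taken from gdk-pixbuf. */
#define XPM_MAX_DIM    16384L
#define XPM_MAX_COLORS 65536L
#define XPM_MAX_CPP    8L
#define XPM_MAX_BYTES  ((uint64_t)256 * 1024 * 1024)

typedef enum { XPM_OK, XPM_BAD_HEADER, XPM_BAD_RANGE, XPM_TOO_LARGE } xpm_status;

/* Read one decimal field that must lie in [1, max]; advances *p past it. */
static xpm_status read_field(const char **p, long max, long *out)
{
    char *end;
    long v;
    errno = 0;
    v = strtol(*p, &end, 10);
    if (end == *p)
        return XPM_BAD_HEADER;              /* field missing or not a number */
    if (errno == ERANGE || v < 1 || v > max)
        return XPM_BAD_RANGE;               /* overflow, zero, negative, or too big */
    *p = end;
    *out = v;
    return XPM_OK;
}

/* Validate the values string and report the RGBA buffer size a decoder
   would need. Nothing is allocated here; the caller allocates only on XPM_OK. */
xpm_status xpm_check_values(const char *values, uint64_t *rgba_bytes)
{
    long w, h, ncolors, cpp;
    xpm_status s;
    uint64_t need;
    if (values == NULL || rgba_bytes == NULL)
        return XPM_BAD_HEADER;
    *rgba_bytes = 0;
    if ((s = read_field(&values, XPM_MAX_DIM, &w)) != XPM_OK ||
        (s = read_field(&values, XPM_MAX_DIM, &h)) != XPM_OK ||
        (s = read_field(&values, XPM_MAX_COLORS, &ncolors)) != XPM_OK ||
        (s = read_field(&values, XPM_MAX_CPP, &cpp)) != XPM_OK)
        return s;
    need = (uint64_t)w * (uint64_t)h * 4u;  /* cannot wrap: both <= 16384 */
    if (need > XPM_MAX_BYTES)
        return XPM_TOO_LARGE;
    *rgba_bytes = need;
    return XPM_OK;
}
```

The per-dimension cap and the total-bytes cap are checked separately because two dimensions that are each acceptable can still multiply to a buffer larger than the budget.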