Vulnerability CVE-2017-7875: Information
Description
In wallpaper.c in feh before v2.18.3, if a malicious client pretends to be the E17 window manager, it is possible to trigger an out-of-boundary heap write while receiving an IPC message. An integer overflow leads to a buffer overflow and/or a double free.
Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
---|---|---|---|---|---|---|
feh | sisyphus | 3.5-alt1 | 3.10.2-alt1 | ALT-PU-2020-3072-1 | 260101 | Fixed |
feh | p10 | 3.5-alt1 | 3.7-alt1 | ALT-PU-2020-3072-1 | 260101 | Fixed |
feh | p9 | 3.5-alt1 | 3.5-alt1 | ALT-PU-2020-3091-1 | 260102 | Fixed |
feh | c10f1 | 3.5-alt1 | 3.7-alt1 | ALT-PU-2020-3072-1 | 260101 | Fixed |
feh | c9f2 | 2.16-alt1.c9f2.1 | 2.16-alt1.c9f2.1 | ALT-PU-2022-2030-1 | 301611 | Fixed |
References to Advisories, Solutions, and Tools
Hyperlink | Resource |
---|---|
https://github.com/derf/feh/commit/f7a547b7ef8fc8ebdeaa4c28515c9d72e592fb6d |
|
https://feh.finalrewind.org/ |
|
97689 |
|
GLSA-201707-08 | |
[debian-lts-announce] 20200524 [SECURITY] [DLA 2219-1] feh security update |