-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Package : gthumb Version : 3:3.3.1-2.1+deb8u2 CVE ID : CVE-2019-20326
A heap-based buffer overflow in _cairo_image_surface_create_from_jpeg() in extensions/cairo_io/cairo-image-surface-jpeg.c in gThumb and Pix allows attackers to cause a crash and potentially execute arbitrary code via a crafted JPEG file. For Debian 8 "Jessie", this problem has been fixed in version 3:3.3.1-2.1+deb8u2. We recommend that you upgrade your gthumb packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE7xPqJqaY/zX9fJAuhj1N8u2cKO8FAl4dgy8ACgkQhj1N8u2c KO95sw/8DY54i6Ax4oaEbsJLpY+pxDHqHnQwHU5wxIYXDBdtI2JH99hAw+3i8UCw h8Hwr7OOMd4guFbwyacqfxIr1kUWxsNTAwMBnZYAOq8dW84bYBytEY90QhXtPYMf jGgqXqnydQjuxqvDdHAoABj1AWRHf/nLlWCg9IHT5xq/0D1Xnj2SLNJPQwn/7nI9 BAP7IYKld8MaKDIkMq3SMQE/AuAV4Irsvwne1zOSnLwWYzSrovpwexmnzZc1Q/No rPqBhgUXzUP9O56e/wSDzxxU9R/w7Ys+kIXXBPiZihnPHAB39SEqJRjfLjRnuQAE waF0lol9BTq35HC2uHKuxOictG2pH6OUUhNZMDiOFsMSyZsvYduGHutCb2D2gxBp LkiHTVmI4NUgEVIsas2cRI2CqRoFxq4YkaS7BGiRGRgPmrDMVXdPZcEc7923SEyN LFA0/GlY54OgGS2OM34Mf/nGu43hCdwtUA133GzGSXWK3A2rl3tffcmF8ixE++1P HVMSzjbn6nJ8NN45zP1+KyuyjQqmbGHt3tZnPjmcK9xCDOLjFkXKEu59u2pNiq8K 86YHUfLiWGkk+UyKzCB4w1Ce0uvWIRQ5rGIUBp7EPkjnkKINUtHP9q5C7O4i/SUR mFQWV5D/H2OV4UMPxzF9eBxa2own8y+0nt9nJTHOkOE/Bv/fMdE= =Jt6M -----END PGP SIGNATURE-----
