ID CVE-2017-7875
Summary In wallpaper.c in feh before v2.18.3, if a malicious client pretends to be the E17 window manager, it is possible to trigger an out-of-boundary heap write while receiving an IPC message. An integer overflow leads to a buffer overflow and/or a double free.
References
Vulnerable Configurations
  • cpe:2.3:a:feh_project:feh:2.18.2
CVSS
Base: 7.5 (as of 25-04-2017 - 11:53)
Impact:
Exploitability:
CWE CWE-787
CAPEC
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
nessus via4
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201707-08.NASL
    description The remote host is affected by the vulnerability described in GLSA-201707-08 (feh: Arbitrary remote code execution) Tobias Stoeckmann discovered it was possible to trigger an out-of-boundary heap write with the image viewer feh while receiving an IPC message. Impact : A remote attacker, pretending to be the E17 window manager, could possibly trigger an out-of-boundary heap write in feh while receiving an IPC message. This could result in execution of arbitrary code with the privileges of the process or a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen 2018-09-01
    modified 2018-01-26
    plugin id 101339
    published 2017-07-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=101339
    title GLSA-201707-08 : feh: Arbitrary remote code execution
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-899.NASL
    description Tobias Stoeckmann discovered it was possible to trigger an out-of-boundary heap write with the image viewer feh while receiving an IPC message. For Debian 7 'Wheezy', these problems have been fixed in version 2.3-2+deb7u1. We recommend that you upgrade your feh packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-01
    modified 2018-07-10
    plugin id 99420
    published 2017-04-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=99420
    title Debian DLA-899-1 : feh security update
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2017-531.NASL
    description This update for feh on Leap 42.1 fixes this security issue:
      - CVE-2017-7875: In wallpaper.c in feh if a malicious client pretended to be the E17 window manager, it was possible to trigger an out-of-boundary heap write while receiving an IPC message. An integer overflow leads to a buffer overflow and/or a double free (bsc#1034567).
      This update for feh on Leap 42.2 to version 2.18.3 fixes several issues. This security issue was fixed on Leap 42.2:
      - CVE-2017-7875: In wallpaper.c in feh if a malicious client pretended to be the E17 window manager, it was possible to trigger an out-of-boundary heap write while receiving an IPC message. An integer overflow leads to a buffer overflow and/or a double free (bsc#1034567).
      These non-security issues were fixed on Leap 42.2:
      - boo#955576: added jpegexiforient
      - Fixed image-specific format specifiers not being updated correctly in thumbnail mode window titles
      - Fixed memory leak when closing images opened from thumbnail mode
      - Fixed a possible out of bounds read caused by an unterminated string when using --output to save images in long paths
      - Fixed out of bounds read/write when handling empty or broken caption files.
      - Fixed memory leak when saving a filelist or image whose target filename already exists.
      - Fixed image-specific format specifiers not being updated correctly
      - New key binding: ! - zoom_fill (zoom to fill window, may cut off image parts)
      - Disable EXIF-based auto rotation by default
      - Added --auto-rotate option to enable auto rotation
      - Added feh-makefile_app.patch -- fix install location of icons
      - Install feh icon (both 48x48 and scalable SVG) to /usr/share/icons when running 'make install app=1'
      - Fixed --sort not being respected after the first reload when used in conjunction with --reload
      - All key actions can now also be bound to a button by specifying them in .config/feh/buttons. However, note that button actions can not be bound to keys.
      - Rename 'menu' key action to 'toggle_menu', 'prev' to 'prev_img' and 'next' to 'next_img'. The old names are still supported, but no longer documented.
      - feh now also sets the X11 _NET_WM_PID and WM_CLIENT_MACHINE window properties
      - Fixed compilation on systems where HOST_NAME_MAX is not defined
      - Also support in-place editing for images loaded via libcurl or imagemagick. Results will not be written back to disk in this case.
      - Fixed crash when trying to rotate a JPEG image without having jpegtran / jpegexiforient installed
      - Handle failing fork() calls gracefully
      - Fixed invalid key/button definitions mis-assigning keys/buttons to other actions
      - Added sort mode --sort dirname to sort images by directory instead of by name.
      - Added navigation keys next_dir (]) and prev_dir ([) to jump to the first image of the next/previous directory
      - Fixed toggle_filenames key displaying wrong file numbers in multiwindow mode
      - Rescale image when resizing a window and --scale-down or --geometry is active.
      - Fixed --keep-zoom-vp not keeping the viewport x/y offsets
      - Fixed w (size_to_image) key not updating window size when --scale-down or --geometry is active
      - Added --insecure option to disable HTTPS certificate checks
      - Added --no-recursive option to disable recursive directory expansion.
      - Improve --scale-down in tiling environments.
      - --action and --action[1..9] now support action titles
      - -f / --filelist: Do not print useless error message when a correct filelist file is specified
      - -f / --filelist: Fix bug in '-' / '/dev/stdin' handling affecting feh running in ksh and possibly other environments
      - Add --xinerama-index option for background setting
      - When removing the last image in slideshow mode, stay on the last (previously second-to-last) image
      - Allow --sort and --randomize to override each other (most recently specified option wins) instead of always preferring --sort
      - Thumbnail mode: Mark image as processed when executing an action (--action) by clicking on an image
      - It is now possible to override feh's idea of the active xinerama screen using the --xinerama-index option
      - Removed (undocumented) feature allowing to override feh's idea of the active xinerama screen by setting the XINERAMA_SCREEN environment variable
      - Removed obsolete gpg macro
    last seen 2018-09-01
    modified 2018-01-26
    plugin id 99926
    published 2017-05-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=99926
    title openSUSE Security Update : feh (openSUSE-2017-531)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2018-56EC0CCD82.NASL
    description - update to 2.28 fixes rhbz #1438979 #1444077 and #1602421 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-11-15
    modified 2018-11-14
    plugin id 118941
    published 2018-11-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=118941
    title Fedora 27 : feh (2018-56ec0ccd82)
refmap via4
bid 97689
confirm
gentoo GLSA-201707-08
Last major update 25-04-2017 - 12:12
Published 14-04-2017 - 14:59
Last modified 10-07-2017 - 21:33