Bug#875311: gedit: CVE-2017-14108: CPU consumption via crafted file
Salvatore Bonaccorso
carnil at debian.org
Sun Sep 10 15:23:40 UTC 2017
Source: gedit
Version: 3.22.1-1
Severity: normal
Tags: security upstream
Control: found -1 3.14.0-3
Hi,
the following vulnerability was published for gedit.
CVE-2017-14108[0]:
| libgedit.a in GNOME gedit through 3.22.1 allows remote attackers to
| cause a denial of service (CPU consumption) via a file that begins with
| many '\0' characters.
The following can be used to produce a crafted file which triggers the
issue:
$ echo -ne '\x68\x6f\x73\x65\x69\x6e\x20\x61\x73\x6b\x61\x72\x69' | dd conv=notrunc bs=1000 seek=100 of=craft.txt
$ gedit craft.txt &
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2017-14108
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14108
[1] https://bugzilla.novell.com/show_bug.cgi?id=1057184
[2] https://bugzilla.redhat.com/show_bug.cgi?id=1488335
Regards,
Salvatore
More information about the pkg-gnome-maintainers
mailing list