Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 236525 (CVE-2008-3791) - media-gfx/gpicview Insecure tempfile and shell metadata in filename (CVE-2008-3791, CVE-2008-3904)
Summary: media-gfx/gpicview Insecure tempfile and shell metadata in filename (CVE-2008...
Alias: CVE-2008-3791
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High trivial (vote)
Assignee: Gentoo Security
Whiteboard: ~2 [noglsa]
Depends on:
Reported: 2008-09-03 00:06 UTC by Robert Buchholz (RETIRED)
Modified: 2008-09-13 17:56 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Robert Buchholz (RETIRED) gentoo-dev 2008-09-03 00:06:18 UTC

Possible symlink attack via the temporary created "/tmp/rot.jpg" 
file used for image rotation.

Furthermore Nico Golde reported discovered that shell code could be executed via crafted filenames:

A patch can be found at the debian bug (not reviewed yet):
Comment 1 Markus Meier gentoo-dev 2008-09-12 21:01:13 UTC
*gpicview-0.1.10 (12 Sep 2008)

  12 Sep 2008; Markus Meier <> -gpicview-0.1.8.ebuild,
  -gpicview-0.1.9.ebuild, +gpicview-0.1.10.ebuild:
  bump to 0.1.10, remove old ebuilds, security bug #236525

this should fix the mentioned security bugs (I checked /tmp/rot.jpg bug)
Comment 2 Robert Buchholz (RETIRED) gentoo-dev 2008-09-13 17:56:53 UTC
confirmed, thanks for bumping. Closing [noglsa].