Vulnerabilities > CVE-2017-7875 - Out-of-bounds Write vulnerability in FEH Project FEH

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
feh-project
CWE-787
nessus

Summary

In wallpaper.c in feh before v2.18.3, if a malicious client pretends to be the E17 window manager, it is possible to trigger an out-of-boundary heap write while receiving an IPC message. An integer overflow leads to a buffer overflow and/or a double free.

Vulnerable Configurations

Part Description Count
Application
Feh_Project
78

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2018-56EC0CCD82.NASL
    description - update to 2.28 fixes rhbz #1438979 #1444077 and #1602421 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2018-11-14
    plugin id118941
    published2018-11-14
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118941
    titleFedora 27 : feh (2018-56ec0ccd82)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2018-A84B6D0071.NASL
    description - update to 2.28 fixes rhbz #1438979 #1444077 and #1602421 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2019-01-03
    plugin id120688
    published2019-01-03
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/120688
    titleFedora 29 : feh (2018-a84b6d0071)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2018-3AC43A1E15.NASL
    description - update to 2.28 fixes rhbz #1438979 #1444077 and #1602421 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2019-01-03
    plugin id120360
    published2019-01-03
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/120360
    titleFedora 28 : feh (2018-3ac43a1e15)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-899.NASL
    descriptionTobias Stoeckmann discovered it was possible to trigger an out-of-boundary heap write with the image viewer feh while receiving an IPC message. For Debian 7
    last seen2020-03-17
    modified2017-04-18
    plugin id99420
    published2017-04-18
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/99420
    titleDebian DLA-899-1 : feh security update
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2017-531.NASL
    descriptionThis update for feh on Leap 42.1 fixes this security issue : - CVE-2017-7875: In wallpaper.c in feh if a malicious client pretended to be the E17 window manager, it was possible to trigger an out-of-boundary heap write while receiving an IPC message. An integer overflow leads to a buffer overflow and/or a double free (bsc#1034567). This update for feh on Leap 42.2 to version 2.18.3 fixes several issues. This security issue was fixed on Leap 42.2 : - CVE-2017-7875: In wallpaper.c in feh if a malicious client pretended to be the E17 window manager, it was possible to trigger an out-of-boundary heap write while receiving an IPC message. An integer overflow leads to a buffer overflow and/or a double free (bsc#1034567). These non-security issue was fixed on Leap 42.2 : - boo#955576: added jpegexiforient - Fixed image-specific format specifiers not being updated correctly in thumbnail mode window titles - Fixed memory leak when closing images opened from thumbnail mode - Fixed a possible out of bounds read caused by an unterminated string when using --output to save images in long paths - Fixed out of bounds read/write when handling empty or broken caption files. - Fixed memory leak when saving a filelist or image whose target filename already exists. - Fixed image-specific format specifiers not being updated correctly - New key binding: ! - zoom_fill (zoom to fill window, may cut off image parts - Disable EXIF-based auto rotation by default - Added --auto-rotate option to enable auto rotation - Added feh-makefile_app.patch -- fix install location of icons - Install feh icon (both 48x48 and scalable SVG) to /usr/share/icons when running
    last seen2020-06-05
    modified2017-05-02
    plugin id99926
    published2017-05-02
    reporterThis script is Copyright (C) 2017-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/99926
    titleopenSUSE Security Update : feh (openSUSE-2017-531)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-2219.NASL
    descriptionTobias Stoeckmann discovered that it was possible to trigger an out-of-boundary heap write with the image viewer feh while receiving an IPC message. For Debian 8
    last seen2020-05-31
    modified2020-05-26
    plugin id136835
    published2020-05-26
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/136835
    titleDebian DLA-2219-1 : feh security update
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201707-08.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201707-08 (feh: Arbitrary remote code execution) Tobias Stoeckmann discovered it was possible to trigger an out-of-boundary heap write with the image viewer feh while receiving an IPC message. Impact : A remote attacker, pretending to be the E17 window manager, could possibly trigger an out-of-boundary heap write in feh while receiving an IPC message. This could result in execution of arbitrary code with the privileges of the process or a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id101339
    published2017-07-10
    reporterThis script is Copyright (C) 2017-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/101339
    titleGLSA-201707-08 : feh: Arbitrary remote code execution