No 100% opacity with pixelize applied at image borders resulting in leakage of private information

Bug #1690832 reported by thermoman
This bug affects 2 people
Affects: Shutter; Status: Confirmed; Importance: Undecided; Assigned to: Unassigned; Milestone: (none listed)

Bug Description

Hi,

I'm running shutter-0.93.1-1ubuntu1 on Ubuntu Xenial and there is a serious privacy issue with the pixelize tool when editing screenshots.

The pixelize tool is normally used to hide private information in screenshots, e.g. before sharing them with others online.

It's vital that any parts of the image the user puts a pixelize overlay on use 100% opacity so no sensitive information the user wants to hide remains visible in the image after being saved.

When snapping a screenshot (as PNG file) and then editing the file, the pixelize overlay becomes kinda translucent as soon as parts of the pixelize rectangle touch the image border.

I can reproduce this issue even when the pixelize rectangle doesn't touch or go beyond the image area.

Sometimes you have to move the pixelize area a couple of times until you see that the subjacent content is still visible.

***** Nobody using the pixelize function expects that the overlay does leak content the user just tried to hide. This is serious.

thermoman (thermoman) wrote :
information type: Private Security → Public Security
thermoman (thermoman) wrote :

Nobody cares?

Michael Kogan (michael-kogan) wrote :

I tried to reproduce it but couldn't... Which version of imagemagick are you using?

thermoman (thermoman) wrote :

All packages installed with 'magick' in their package name are version

  8:6.8.9.9-7ubuntu5.7

Here are steps to reproduce:

1. Take a snapshot of a window with shutter
   (terminal console or gedit with text entered,
   optimal with light text on dark background or vice versa)
2. Edit that snapshot inside shutter
3. Use the pixelize tool to draw a rectangle on the image
4. Move/drag the pixelize rectangle so that the left *and* top edge of the rectangle
   touch the image's left and top boundary.
5. Release mouse button
6. Drag rectangle a little bit to the left and to the top
   (so that the left and top edge of the rectangle isn't visible anymore)
7. Repeat steps 5 to 6 until you can clearly see the text you're trying to hide after
   pixelize was applied.

Just tried to reproduce. Took me 10 seconds and 10-20 drags of the rectangle:

> http://imgur.com/a/3v0Fx

Seth Arnold (seth-arnold) wrote :

Please note that using data-dependent operations in an attempt to obfuscate data is extremely dangerous:

http://fusion.kinja.com/um-bad-news-pixelating-or-blurring-doesnt-actually-wo-1793860362
https://dheera.net/projects/blur
http://cseweb.ucsd.edu/~saul/papers/pets16-redact.pdf

If you want to keep part of an image private use something that does not depend upon the underlying data. Be sure that you're not simply applying a black bar on a different layer, or changing colors of text or background, as those are also prone to failure. (Not really applicable to png but other file formats have multiple layers.)

http://blogs.adobe.com/security/2009/12/how_to_properly_redact_pdf_fil.html
https://apple.stackexchange.com/questions/22683/blacking-out-a-part-of-a-pdf-or-redaction-of-text

Thanks
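
An added illustration of the two failure modes raised in this thread, not code from Shutter or from any commenter: it checks whether a redaction's output inside the hidden box changes when only the hidden content changes. The image representation, the function names and the 90% opacity value are assumptions made for the example; `translucent_fill` only models the reported symptom, not Shutter's actual compositing.

```python
# Added example. Images are grayscale lists of rows (0-255); box = (x0, y0, x1, y1).

def region(img, box):
    x0, y0, x1, y1 = box
    return [row[x0:x1] for row in img[y0:y1]]

def pixelize(img, box, block=2):
    """Mosaic: replace each block inside box with the mean of its pixels."""
    x0, y0, x1, y1 = box
    out = [row[:] for row in img]
    for by in range(y0, y1, block):
        for bx in range(x0, x1, block):
            cells = [(x, y) for y in range(by, min(by + block, y1))
                     for x in range(bx, min(bx + block, x1))]
            mean = sum(img[y][x] for x, y in cells) // len(cells)
            for x, y in cells:
                out[y][x] = mean
    return out

def solid_fill(img, box, value=0):
    """Overwrite the box with a constant; the hidden pixels are never read."""
    x0, y0, x1, y1 = box
    out = [row[:] for row in img]
    for y in range(y0, y1):
        out[y][x0:x1] = [value] * (x1 - x0)
    return out

def translucent_fill(img, box, alpha=0.9):
    """Solid overlay composited at less than 100% opacity (models the symptom)."""
    x0, y0, x1, y1 = box
    out = [row[:] for row in img]
    for y in range(y0, y1):
        for x in range(x0, x1):
            out[y][x] = round((1 - alpha) * img[y][x])  # overlay value is 0
    return out

def is_data_dependent(redact, img_a, img_b, box):
    """True if the redacted box differs when only the hidden content differs."""
    return region(redact(img_a, box), box) != region(redact(img_b, box), box)

# Constructed 4x4 samples that differ only inside BOX (the area to hide).
BOX = (0, 0, 4, 2)
SECRET_A = [[255, 0, 255, 0], [255, 0, 255, 0], [9, 9, 9, 9], [9, 9, 9, 9]]
SECRET_B = [[0, 0, 255, 255], [0, 0, 0, 0], [9, 9, 9, 9], [9, 9, 9, 9]]

if __name__ == "__main__":
    for fn in (pixelize, translucent_fill, solid_fill):
        print(fn.__name__, is_data_dependent(fn, SECRET_A, SECRET_B, BOX))
```

Only the opaque constant fill produces the same pixels for both samples; the mosaic and any overlay below 100% opacity carry a function of the hidden data into the saved file.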

Marc Deslauriers (mdeslaur) wrote :

Unsubscribing ubuntu-security-sponsors since there is nothing here to sponsor.

Changed in shutter:
status: New → Confirmed
Michael Kogan (michael-kogan) wrote :

You are right, I could reproduce it. Since Shutter is not maintained any more I would advise you to use the censor tool (directly above the pixelize tool).

This report contains Public Security information  
Everyone can see this security related information.