Possible SVG vulnerability affecting Firefox, evince, eog, Gimp and more
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
eog (Ubuntu) |
Invalid
|
Undecided
|
Unassigned | ||
evince (Ubuntu) |
Invalid
|
Undecided
|
Unassigned | ||
firefox (Ubuntu) |
Invalid
|
Undecided
|
Unassigned | ||
firefox-3.0 (Ubuntu) |
Invalid
|
Undecided
|
Unassigned | ||
gimp (Ubuntu) |
Invalid
|
Undecided
|
Kees Cook |
Bug Description
There's an alleged proof-of-concept exploit published on July 8, 2008 at http://
"Malicious SVG file DoS
The following applications were tested in their latest revisions:
Firefox's "browse for file, preview" object on linux: affected
evince on linux: affected
eog on linux: affected
gimp on linux: affected
inkscape on linux: unaffected
Microsoft Visio on windows: unaffected
It is unknown at this time whether code execution is possible..."
Unfortunately I currently lack the resources to verify the existence of the vulnerability.
WARNING: the .zip file might harm your computer. Don't open it on your normal machine.
A more or less safe way to test it would be to physically disconnect any important devices (all hard disks, network connections to any networks that trust your machine, etc.) and to boot from a live CD. But you should still know what you're doing.
I cannot reproduce this on any of the linked packages. Have you seen actual crashes?