Eye of GNOME (aka eog) 3.16.5, 3.17.x, 3.18.x before 3.18.3, 3.19.x, and 3.20.x before 3.20.4, when used with glib before 2.44.1, allow remote attackers to cause a denial of service (out-of-bounds write and crash) via vectors involving passing invalid UTF-8 to GMarkup.
{ "binaries": [ { "binary_name": "eog", "binary_version": "3.10.2-0ubuntu5.2" }, { "binary_name": "eog-dbg", "binary_version": "3.10.2-0ubuntu5.2" }, { "binary_name": "eog-dbgsym", "binary_version": "3.10.2-0ubuntu5.2" }, { "binary_name": "eog-dev", "binary_version": "3.10.2-0ubuntu5.2" } ], "availability": "No subscription required", "ubuntu_priority": "medium" }
{ "binaries": [ { "binary_name": "eog", "binary_version": "3.18.2-1ubuntu2.1" }, { "binary_name": "eog-dbg", "binary_version": "3.18.2-1ubuntu2.1" }, { "binary_name": "eog-dbgsym", "binary_version": "3.18.2-1ubuntu2.1" }, { "binary_name": "eog-dev", "binary_version": "3.18.2-1ubuntu2.1" } ], "availability": "No subscription required", "ubuntu_priority": "medium" }