GwenView Multiple Unspecified Image Handling Heap-Based Memory Corruption Vulnerabilities

GwenView Multiple Unspecified Image Handling Heap-Based Memory Corruption Vulnerabilities

GwenView is reported prone to multiple unspecified heap memory corruption vulnerabilities. It is reported that these issues are caused by a lack of sufficient sanity checks performed while allocating heap-based memory when the chunk size is derived from the image height, width and plane values.

It is reported that a malicious image may be used to trigger these issues.

A remote attacker may potentially exploit these vulnerabilities to crash affected software, or to potentially execute arbitrary code in the context of the user that is running the affected software, although this is not confirmed.

This BID will be updated and split into unique BIDs as soon as further information is available.