Eye of Gnome 3.10.2 - GMarkup Out of Bounds Write

EDB-ID:

40291




Platform:

Linux

Date:

2016-08-23


# Exploit Title: Gnome Eye of Gnome Out-of-bounds-write
# Exploit Author: Kaslov Dmitri
# Vendor Homepage: https://wiki.gnome.org/Apps/EyeOfGnome
# Version: 3.10.2
# Tested on: Ubuntu 14.04 LTS
# CVE: CVE-2016-6855

Proof of Concept:
https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/40291.zip


Reported: 19-August-2016
Fixed: 21-Agugst-2016 (fix will go into next software release)

GMarkup requires valid UTF8 input strings and would cause odd
looking messages if given invalid input. This could also trigger an
out-of-bounds write in glib before 2.44.1