CVE-2017-7875

NameCVE-2017-7875
DescriptionIn wallpaper.c in feh before v2.18.3, if a malicious client pretends to be the E17 window manager, it is possible to trigger an out-of-boundary heap write while receiving an IPC message. An integer overflow leads to a buffer overflow and/or a double free.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
ReferencesDLA-899-1
NVD severityhigh (attack range: remote)
Debian Bugs860367

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
feh (PTS)jessie2.12-1vulnerable
stretch2.18-2fixed
bullseye, sid, buster3.1.3-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
fehsource(unstable)2.18-2low860367
fehsourcewheezy2.3-2+deb7u1highDLA-899-1

Notes

[jessie] - feh <no-dsa> (Minor issue)
Fixed by: https://github.com/derf/feh/commit/f7a547b7ef8fc8ebdeaa4c28515c9d72e592fb6d

Search for package or bug name: Reporting problems