Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Gnome Nautilus 3.16 - Denial of Service

🗓️ 03 Dec 2015 00:00:00Reported by Panagiotis VagenasType 
exploitdb
 exploitdb🔗 www.exploit-db.com👁 21 Views

Gnome Nautilus 3.16 Denial of Service through Malicious Crafted .jp2 Fil

Code
* Exploit Title: Gnome Nautilus [Denial of Service]
* Discovery Date: 2015/10/27
* Public Disclosure Date: 2015/12/01
* Exploit Author: Panagiotis Vagenas
* Contact: https://twitter.com/panVagenas
* Vendor Homepage: https://www.gnome.org/
* Software Link: https://wiki.gnome.org/Apps/Nautilus
* Version: 3.16
* Tested on: Ubuntu 14.04, Fedora 22


Description
========================================================================
========

Gnome Nautilus <= v3.16 is vulnerable to DoS attack through a
malicious crafted file.

Details
- ------------------------------------------------------------------------
- --------
A malicious crafted file can be used to perform a DoS attack in
Nautilus. The attacker must have local
access to affected system or convince the victim to download the file
(email, web url etc.). Next time
the victim tries to open the directory that contains the malicious
file, Nautilus crashes without warning.

The file must have a `.jp2` extension and start with the JPEG
signature (`0xFFD8`).

Additional Notes
- ------------------------------------------------------------------------
- --------

This seems to happen every time Nautilus is trying to update the
thumbnail of the file.

In Ubuntu and Fedora process dies with the message:
```
Premature end of JPEG file
JPEG datastream contains no image
```

This vulnerability seems to affect all Nautilus versions prior to 3.16.

PoC
========================================================================
========

1. Create a file without a `.jp2` extension in an affected system
2. Open the file in a hex editor so it start with the JPEG signature
(`0xFFD8`)
3. Rename the file so it has the `.jp2` extension
4. Open directory with Nautilus
5. Nautilus dies without warning

Timeline
========================================================================
========

2015/10/27 - Discovered
2015/10/29 - Vendor notified at [email protected]

Solution
========================================================================
========

No official solution yet exists.

Work-around
- ------------------------------------------------------------------------
- --------

Disabling generation of thumbnails for all files, through Nautilus
options, will prevent Nautilus from crashing.

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
03 Dec 2015 00:00Current
7.4High risk
Vulners AI Score7.4
gnome nautilusdenial of servicemalicious crafted file.jp2jpeg signaturedos attackubuntufedorathumbnailvulnerabilityexploitvendor notificationwork-around
21