Home
Packages
Forums
Wiki
GitLab
Security
AUR
Download

issues
advisories
todo
stats
log
login

CVE-2019-19451 - log back

CVE-2019-19451 edited at 15 Jun 2021 07:57:47

Severity

-	Unknown
+	Low

Remote

-	Unknown
+	Local

Type

-	Unknown
+	Denial of service

Description

+

When GNOME Dia before 2019-11-27 is launched with a filename argument that is not a valid codepoint in the current encoding, it enters an endless loop, thus endlessly writing text to stdout. If this launch is from a thumbnailer service, this output will usually be written to disk via the system's logging facility (potentially with elevated privileges), thus filling up the disk and eventually rendering the system unusable. (The filename can be for a nonexistent file.)

References

+	https://gitlab.gnome.org/GNOME/dia/-/issues/428
+	https://gitlab.gnome.org/GNOME/dia/-/merge_requests/50
+	https://gitlab.gnome.org/GNOME/dia/-/commit/baa2df853f9fb770eedcf3d94c7f5becebc90bb9

Notes

CVE-2019-19451 created at 15 Jun 2021 07:54:17