Gnome Nautilus [Denial of Service]

Gnome Nautilus <= v3.16 is vulnerable to a DoS attack through a maliciously crafted file.

Description

A maliciously crafted file can be used to perform a DoS attack against Nautilus. The attacker must have local access to the affected system or convince the victim to download the file (email, web URL, etc.). The next time the victim tries to open the directory that contains the malicious file, Nautilus crashes without warning.

The file must have a .jp2 extension and start with the JPEG signature (0xFFD8).
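
As an added example (not part of the original advisory), the following Python check finds files that match the condition above, a .jp2 name with the JPEG signature as its first bytes, by reading only each file's header, so no image decoder or thumbnailer is invoked. The function names are hypothetical, and the JPEG 2000 signatures used to recognise genuine files are an addition not taken from the advisory.

```python
import os
import sys

JPEG_SOI = bytes.fromhex("FFD8")  # JPEG signature named in the advisory
JP2_SIGNATURE_BOX = bytes.fromhex("0000000C6A5020200D0A870A")  # JP2 file signature box (assumption: not from the advisory)
J2K_CODESTREAM = bytes.fromhex("FF4FFF51")  # raw JPEG 2000 codestream start (assumption: not from the advisory)


def classify_jp2(name, head):
    """Classify a file from its name and its first bytes.

    Returns None when the name has no .jp2 extension, otherwise
    'jpeg2000' (genuine header), 'jpeg-signature' (the mismatch the
    advisory describes) or 'unknown'.
    """
    if not name.lower().endswith(".jp2"):
        return None
    if head.startswith((JP2_SIGNATURE_BOX, J2K_CODESTREAM)):
        return "jpeg2000"
    if head.startswith(JPEG_SOI):
        return "jpeg-signature"
    return "unknown"


def scan_tree(root):
    """Walk root and return the sorted paths of .jp2 files that start with 0xFFD8."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            # Skip symlinks, FIFOs and devices: only regular files are read.
            if os.path.islink(path) or not os.path.isfile(path):
                continue
            try:
                with open(path, "rb") as fh:
                    head = fh.read(12)  # header only, the image is never decoded
            except OSError:
                continue  # unreadable file: nothing to classify
            if classify_jp2(name, head) == "jpeg-signature":
                hits.append(path)
    return sorted(hits)


if __name__ == "__main__":
    for hit in scan_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(hit)
```

Run it from a terminal against a download or mail-attachment directory before browsing that directory in Nautilus.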

Additional Notes

This seems to happen every time Nautilus tries to update the thumbnail of the file.

On Ubuntu and Fedora, the process dies with the message:

Premature end of JPEG file
JPEG datastream contains no image

This vulnerability seems to affect all Nautilus versions up to 3.16.

PoC

  1. Create a file without a .jp2 extension on an affected system
  2. Edit the file in a hex editor so it starts with the JPEG signature (0xFFD8)
  3. Rename the file so it has the .jp2 extension
  4. Open directory with Nautilus
  5. Nautilus dies without warning

INFO
TIMELINE
  • 2015-10-27:
    Requested CVE ID
  • 2015-10-29:
    Vendor notified at [email protected]
  • 2015-11-11:
    Requested CVE ID (no response from 2015-10-27)
  • 2016-02-06:
    Requested CVE ID (no response from 2015-11-11)