CVE-2020-36427: 
NixOS vulnerability analysis and mitigation

GNOME gThumb before version 3.10.1 contains a vulnerability that allows an application crash via a malformed JPEG image. The vulnerability was discovered and assigned CVE-2020-36427 on July 19, 2021. The affected software is gThumb, an image viewer and browser utility for the GNOME environment (MITRE CVE, Ubuntu Security).

The vulnerability has been assigned a CVSS 3.1 base score of 5.5 (Medium severity). The attack vector is Local, with low attack complexity, requiring no privileges but user interaction. The scope is unchanged, with no impact on confidentiality and integrity, but high impact on availability. The complete vector string is CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H (Ubuntu Security).

If exploited, this vulnerability could result in a denial of service through application crash when processing malformed JPEG files. The impact is limited to availability, with no reported effects on system confidentiality or integrity (Ubuntu Security Notice).

The vulnerability has been fixed in gThumb version 3.10.1. The fix addresses the JPEG loader crash issue for malformed JPEG files. Various Linux distributions have released patched versions, including Ubuntu 20.04 LTS (version 3:3.8.0-2.1ubuntu0.1) and Ubuntu 18.04 LTS (version 3:3.6.1-1ubuntu0.1~esm1). Users are advised to update their systems to the latest available version (GNOME News, Ubuntu Security).