oss-sec mailing list archives
GIMP parser bugs (FLIMP and more)
From: Hanno Böck <hanno () hboeck de>
Date: Tue, 19 Dec 2017 17:11:19 +0100
Hi, See also https://flimp.fuzzing-project.org/ Background: In 2014, back when I started the fuzzing project, I reported two bugs in GIMP in their more obscure parsers. Recently I was contacted by Tobias Stöckmann who wrote a working exploit (on freebsd <- no aslr, thus easier) for one of those bugs in the FLIC parser. He also submitted a patch. The bugs were ignored all the time, patches as well. I reported a couple of more bugs and also contacted the GNOME security team. Some have patches, others not, ony one got handled. It seems overall the file format importers are unmaintained. I also tried to submit a fuzzing guide to the gimp wiki, which failed, because the people who are supposed to hand out user accounts don't answer. (gimp is not fuzzing friendly.) The bugs: Heap overflow in FLI import (the one where we have an exploit): https://bugzilla.gnome.org/show_bug.cgi?id=739133 OOB read in TGA (with patch) https://bugzilla.gnome.org/show_bug.cgi?id=739134 OOB read in XCF (patch, the only one that got merged and fixed) https://bugzilla.gnome.org/show_bug.cgi?id=790783 OOB read in GBR (no patch, looks like string/utf8 issue) https://bugzilla.gnome.org/show_bug.cgi?id=790784 Heap overflow in PSP (no patch, doesn't look straightforward to fix) https://bugzilla.gnome.org/show_bug.cgi?id=790849 OOB read in PSP (no patch) https://bugzilla.gnome.org/show_bug.cgi?id=790853 -- Hanno Böck https://hboeck.de/ mail/jabber: hanno () hboeck de GPG: FE73757FA60E4E21B937579FA5880072BBB51E42
Current thread:
- GIMP parser bugs (FLIMP and more) Hanno Böck (Dec 19)
- Re: GIMP parser bugs (FLIMP and more) Salvatore Bonaccorso (Dec 19)