Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Tue, 19 Dec 2017 17:11:19 +0100
From: Hanno Böck <hanno@...eck.de>
To: oss-security@...ts.openwall.com
Subject: GIMP parser bugs (FLIMP and more)

Hi,

See also
https://flimp.fuzzing-project.org/

Background: In 2014, back when I started the fuzzing project, I
reported two bugs in GIMP in their more obscure parsers. Recently I was
contacted by Tobias Stöckmann who wrote a working exploit (on freebsd <-
no aslr, thus easier) for one of those bugs in the FLIC parser. He also
submitted a patch.

The bugs were ignored all the time, patches as well.

I reported a couple of more bugs and also contacted the GNOME security
team. Some have patches, others not, ony one got handled. It seems
overall the file format importers are unmaintained.
I also tried to submit a fuzzing guide to the gimp wiki, which failed,
because the people who are supposed to hand out user accounts don't
answer. (gimp is not fuzzing friendly.)

The bugs:

Heap overflow in FLI import (the one where we have an exploit):
https://bugzilla.gnome.org/show_bug.cgi?id=739133

OOB read in TGA (with patch)
https://bugzilla.gnome.org/show_bug.cgi?id=739134

OOB read in XCF (patch, the only one that got merged and fixed)
https://bugzilla.gnome.org/show_bug.cgi?id=790783

OOB read in GBR (no patch, looks like string/utf8 issue)
https://bugzilla.gnome.org/show_bug.cgi?id=790784

Heap overflow in PSP (no patch, doesn't look straightforward to fix)
https://bugzilla.gnome.org/show_bug.cgi?id=790849

OOB read in PSP (no patch)
https://bugzilla.gnome.org/show_bug.cgi?id=790853


-- 
Hanno Böck
https://hboeck.de/

mail/jabber: hanno@...eck.de
GPG: FE73757FA60E4E21B937579FA5880072BBB51E42

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ