Date: Wed, 20 Dec 2017 06:59:18 +0100
From: Salvatore Bonaccorso <carnil@...ian.org>
To: oss-security@...ts.openwall.com
Subject: Re: GIMP parser bugs (FLIMP and more)

Hi

On Tue, Dec 19, 2017 at 05:11:19PM +0100, Hanno Böck wrote:
> Hi,
>
> See also
> https://flimp.fuzzing-project.org/
>
> Background: In 2014, back when I started the fuzzing project, I
> reported two bugs in GIMP in their more obscure parsers. Recently I was
> contacted by Tobias Stöckmann who wrote a working exploit (on freebsd <-
> no aslr, thus easier) for one of those bugs in the FLIC parser. He also
> submitted a patch.
>
> The bugs were ignored all the time, patches as well.
>
> I reported a couple of more bugs and also contacted the GNOME security
> team. Some have patches, others not, only one got handled. It seems
> overall the file format importers are unmaintained.
> I also tried to submit a fuzzing guide to the gimp wiki, which failed,
> because the people who are supposed to hand out user accounts don't
> answer. (gimp is not fuzzing friendly.)
>
> The bugs:

The following CVEs were assigned:

> Heap overflow in FLI import (the one where we have an exploit):
> https://bugzilla.gnome.org/show_bug.cgi?id=739133

CVE-2017-17785

> OOB read in TGA (with patch)
> https://bugzilla.gnome.org/show_bug.cgi?id=739134

CVE-2017-17786

> OOB read in XCF (patch, the only one that got merged and fixed)
> https://bugzilla.gnome.org/show_bug.cgi?id=790783

CVE-2017-17788

> OOB read in GBR (no patch, looks like string/utf8 issue)
> https://bugzilla.gnome.org/show_bug.cgi?id=790784

CVE-2017-17784

> Heap overflow in PSP (no patch, doesn't look straightforward to fix)
> https://bugzilla.gnome.org/show_bug.cgi?id=790849

CVE-2017-17789

> OOB read in PSP (no patch)
> https://bugzilla.gnome.org/show_bug.cgi?id=790853

CVE-2017-17787

Regards,
Salvatore