Date: Wed, 20 Dec 2017 06:59:18 +0100
From: Salvatore Bonaccorso <>
Subject: Re: GIMP parser bugs (FLIMP and more)


On Tue, Dec 19, 2017 at 05:11:19PM +0100, Hanno Böck wrote:
> Hi,
> See also
> Background: In 2014, back when I started the fuzzing project, I
> reported two bugs in GIMP in their more obscure parsers. Recently I was
> contacted by Tobias Stöckmann who wrote a working exploit (on freebsd <-
> no aslr, thus easier) for one of those bugs in the FLIC parser. He also
> submitted a patch.
> The bugs were ignored all the time, patches as well.
> I reported a couple of more bugs and also contacted the GNOME security
> team. Some have patches, others not, only one got handled. It seems
> overall the file format importers are unmaintained.
> I also tried to submit a fuzzing guide to the gimp wiki, which failed,
> because the people who are supposed to hand out user accounts don't
> answer. (gimp is not fuzzing friendly.)
> The bugs:

The following CVEs were assigned:

> Heap overflow in FLI import (the one where we have an exploit):


> OOB read in TGA (with patch)


> OOB read in XCF (patch, the only one that got merged and fixed)


> OOB read in GBR (no patch, looks like string/utf8 issue)


> Heap overflow in PSP (no patch, doesn't look straightforward to fix)


> OOB read in PSP (no patch)


