Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Wed, 20 Dec 2017 06:59:18 +0100
From: Salvatore Bonaccorso <carnil@...ian.org>
To: oss-security@...ts.openwall.com
Subject: Re: GIMP parser bugs (FLIMP and more)

Hi

On Tue, Dec 19, 2017 at 05:11:19PM +0100, Hanno B??ck wrote:
> Hi,
> 
> See also
> https://flimp.fuzzing-project.org/
> 
> Background: In 2014, back when I started the fuzzing project, I
> reported two bugs in GIMP in their more obscure parsers. Recently I was
> contacted by Tobias St??ckmann who wrote a working exploit (on freebsd <-
> no aslr, thus easier) for one of those bugs in the FLIC parser. He also
> submitted a patch.
> 
> The bugs were ignored all the time, patches as well.
> 
> I reported a couple of more bugs and also contacted the GNOME security
> team. Some have patches, others not, ony one got handled. It seems
> overall the file format importers are unmaintained.
> I also tried to submit a fuzzing guide to the gimp wiki, which failed,
> because the people who are supposed to hand out user accounts don't
> answer. (gimp is not fuzzing friendly.)
> 
> The bugs:

The following CVEs were assigned:

> Heap overflow in FLI import (the one where we have an exploit):
> https://bugzilla.gnome.org/show_bug.cgi?id=739133

CVE-2017-17785

> OOB read in TGA (with patch)
> https://bugzilla.gnome.org/show_bug.cgi?id=739134

CVE-2017-17786

> OOB read in XCF (patch, the only one that got merged and fixed)
> https://bugzilla.gnome.org/show_bug.cgi?id=790783

CVE-2017-17788

> OOB read in GBR (no patch, looks like string/utf8 issue)
> https://bugzilla.gnome.org/show_bug.cgi?id=790784

CVE-2017-17784

> Heap overflow in PSP (no patch, doesn't look straightforward to fix)
> https://bugzilla.gnome.org/show_bug.cgi?id=790849

CVE-2017-17789

> OOB read in PSP (no patch)
> https://bugzilla.gnome.org/show_bug.cgi?id=790853

CVE-2017-17787

Regards,
Salvatore

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ