Vigil@nce - Gimp: integer overflow of XWD Colormap Entries
December 2013 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can create a malicious XWD image, to generate an
integer overflow in Gimp, in order to trigger a denial of service,
and possibly to execute code.
– Impacted products: Debian, Fedora, GIMP, MBS, MES, RHEL
– Severity: 2/4
– Creation date: 05/12/2013
DESCRIPTION OF THE VULNERABILITY
The Gimp product supports images in the XWD format.
However, if the Colormap size is too large, a multiplication
overflows, and an allocated memory area is too short.
An attacker can therefore create a malicious XWD image, to
generate an integer overflow in Gimp, in order to trigger a denial
of service, and possibly to execute code.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Gimp-integer-overflow-of-XWD-Colormap-Entries-13876