Red Hat Bugzilla – Bug 150677
CAN-2005-0654 gimp GIF DoS
Last modified: 2007-11-30 17:07:16 EST
gifload in GIMP 2.0.5, 2.2.3, and possibly 2.2.4 allows remote attackers or local users to cause a denial of service (application crash) via the image descriptor (1) height or (2) width fields set to zero. http://marc.theaimsgroup.com/?l=bugtraq&m=110995346018830&w=2
Created attachment 111813 [details] Demo image which triggers this issue.
This issue should also affect RHEL3 and RHEL2.1.
Hmm, with gimp-2.2.4, this crashes the GIF _plugin_ in an assertion. I don't see how it should affect the main application. Nevertheless I'll backport the fix which is in upstream CVS for RHEL/Fedora, because upstream won't bother to backport it themselves (see their bugzilla).
Crashing a client application on load of a malicious image is not a security issue -- don't load the bad image. Closing.