Red Hat Bugzilla – Bug 150677
CAN-2005-0654 gimp GIF DoS
Last modified: 2007-11-30 17:07:16 EST
gifload in GIMP 2.0.5, 2.2.3, and possibly 2.2.4 allows remote attackers or
local users to cause a denial of service (application crash) via the image
descriptor (1) height or (2) width fields set to zero.
Created attachment 111813 [details]
Demo image which triggers this issue.
This issue should also affect RHEL3 and RHEL2.1.
Hmm, with gimp-2.2.4, this crashes the GIF _plugin_ in an assertion. I don't see
how it should affect the main application. Nevertheless I'll backport the fix
which is in upstream CVS for RHEL/Fedora, because upstream won't bother to
backport it themselves (see their bugzilla).
Crashing a client application on load of a malicious image is not a security
issue -- don't load the bad image. Closing.