Bug 150677 - CAN-2005-0654 gimp GIF DoS
Summary: CAN-2005-0654 gimp GIF DoS
Status: CLOSED NOTABUG
Alias: None
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: gimp
Version: 4.0
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
: ---
Assignee: Nils Philippsen
QA Contact: David Lawrence
URL:
Whiteboard: impact=none,public=20050304,source=cv...
Keywords: Security
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2005-03-09 16:11 UTC by Josh Bressers
Modified: 2007-11-30 22:07 UTC (History)
0 users

(edit)
Clone Of:
(edit)
Last Closed: 2005-03-21 12:02:53 UTC

Attachments (Terms of Use)
Demo image which triggers this issue. (62 bytes, application/octet-stream)
2005-03-09 16:11 UTC, Josh Bressers 		no flags Details
Add an attachment (proposed patch, testcase, etc.)


External Trackers
Tracker ID Priority Status Summary Last Updated
GNOME Bugzilla 169113 None None None Never

Description Josh Bressers 2005-03-09 16:11:26 UTC 
gifload in GIMP 2.0.5, 2.2.3, and possibly 2.2.4 allows remote attackers or
local users to cause a denial of service (application crash) via the image
descriptor (1) height or (2) width fields set to zero.

http://marc.theaimsgroup.com/?l=bugtraq&m=110995346018830&w=2
Comment 1 Josh Bressers 2005-03-09 16:11:26 UTC 
Created attachment 111813 [details]
Demo image which triggers this issue.
Comment 2 Josh Bressers 2005-03-09 16:12:47 UTC 
This issue should also affect RHEL3 and RHEL2.1.
Comment 3 Nils Philippsen 2005-03-09 17:01:32 UTC 
Hmm, with gimp-2.2.4, this crashes the GIF _plugin_ in an assertion. I don't see
how it should affect the main application. Nevertheless I'll backport the fix
which is in upstream CVS for RHEL/Fedora, because upstream won't bother to
backport it themselves (see their bugzilla).
Comment 7 Mark J. Cox 2005-03-21 12:02:53 UTC 
Crashing a client application on load of a malicious image is not a security
issue -- don't load the bad image.  Closing.
Note You need to log in before you can comment on or make changes to this bug.