List: oss-security
Subject: Re: [oss-security] GIMP parser bugs (FLIMP and more)
From: Salvatore Bonaccorso <carnil () debian ! org>
Date: 2017-12-20 5:59:18
Message-ID: 20171220055918.GA32086 () lorien ! valinor ! li
Hi
On Tue, Dec 19, 2017 at 05:11:19PM +0100, Hanno Böck wrote:
> Hi,
>
> See also
> https://flimp.fuzzing-project.org/
>
> Background: In 2014, back when I started the fuzzing project, I
> reported two bugs in GIMP in their more obscure parsers. Recently I was
> contacted by Tobias Stöckmann who wrote a working exploit (on freebsd <-
> no aslr, thus easier) for one of those bugs in the FLIC parser. He also
> submitted a patch.
>
> The bugs were ignored all the time, patches as well.
>
> I reported a couple of more bugs and also contacted the GNOME security
> team. Some have patches, others not, only one got handled. It seems
> overall the file format importers are unmaintained.
> I also tried to submit a fuzzing guide to the gimp wiki, which failed,
> because the people who are supposed to hand out user accounts don't
> answer. (gimp is not fuzzing friendly.)
>
> The bugs:
The following CVEs were assigned:
> Heap overflow in FLI import (the one where we have an exploit):
> https://bugzilla.gnome.org/show_bug.cgi?id=739133
CVE-2017-17785
> OOB read in TGA (with patch)
> https://bugzilla.gnome.org/show_bug.cgi?id=739134
CVE-2017-17786
> OOB read in XCF (patch, the only one that got merged and fixed)
> https://bugzilla.gnome.org/show_bug.cgi?id=790783
CVE-2017-17788
> OOB read in GBR (no patch, looks like string/utf8 issue)
> https://bugzilla.gnome.org/show_bug.cgi?id=790784
CVE-2017-17784
> Heap overflow in PSP (no patch, doesn't look straightforward to fix)
> https://bugzilla.gnome.org/show_bug.cgi?id=790849
CVE-2017-17789
> OOB read in PSP (no patch)
> https://bugzilla.gnome.org/show_bug.cgi?id=790853
CVE-2017-17787
Regards,
Salvatore