GIMP: Malicious code vulnerability as the ICO parser fails

A security vulnerability in the graphics program GIMP puts users at risk: Manipulated ICO files can inject code.

GIMP 3.0.2 version dialog

The current GIMP version 3.0.2 contains a vulnerability that allows malicious code to be injected.

(Image: Screenshot / dmk)


IT security researchers have discovered a security vulnerability in the current version of GIMP. When processing manipulated ICO files, the graphics software can fail and execute malicious code. An update is not yet available.

The GIMP developers have published the details of the vulnerability in a security advisory from Trend Micro's Zero Day Initiative. There, the IT security researchers discuss the vulnerability in more detail using the source code. A buffer-size calculation uses the height and width of an ICO file taken from its metadata, which attackers can control. The multiplication can cause an integer overflow, so the computed value ends up too small. As a result, a heap-based buffer overflow can occur when the oversized file is subsequently processed.

The source code commit with the fix also discusses that ICO files can store PNGs, which makes it possible to create icons that are much larger than the specified image size and thus provoke a buffer overflow. The code now checks additional conditions that, according to the developers, ensure that the buffer size calculation cannot overflow.
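To illustrate the two problems described above, here is an added example in C. It is not GIMP's code and not taken from the ZDI advisory; the `ico_entry` structure, the function names and the sample dimensions are constructed for illustration. It contrasts a size calculation that wraps in 32-bit arithmetic with an overflow-checked version, and adds the second check the commit discusses: the dimensions declared in the directory entry must agree with those of the embedded image before any buffer sized from the entry is filled.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical, reduced view of an ICO directory entry: only the fields
 * this example needs (constructed, not GIMP's actual structure). */
struct ico_entry {
    uint32_t width;   /* declared in the directory entry */
    uint32_t height;
    uint32_t bpp;     /* bits per pixel */
};

/* Unsafe pattern: the size is computed in 32-bit unsigned arithmetic.
 * With attacker-chosen width/height the product wraps modulo 2^32, the
 * result is far too small, and the later pixel copy overruns the heap
 * buffer allocated from it. */
uint32_t unsafe_buffer_size(const struct ico_entry *e)
{
    return e->width * e->height * (e->bpp / 8);
}

/* Overflow-checked multiply: returns false instead of wrapping. */
static bool mul_checked(size_t a, size_t b, size_t *out)
{
    if (a != 0 && b > SIZE_MAX / a)
        return false;
    *out = a * b;
    return true;
}

/* Hardened pattern: validate each field, then build the byte count with
 * checked multiplications (row bits -> row bytes -> total). */
bool safe_buffer_size(const struct ico_entry *e, size_t *out)
{
    size_t row_bits, row_bytes, total;

    if (e->width == 0 || e->height == 0)
        return false;
    if (e->bpp != 1 && e->bpp != 4 && e->bpp != 8 &&
        e->bpp != 16 && e->bpp != 24 && e->bpp != 32)
        return false;
    if (!mul_checked(e->width, e->bpp, &row_bits))
        return false;
    if (row_bits > SIZE_MAX - 7)
        return false;
    row_bytes = (row_bits + 7) / 8;           /* round up to whole bytes */
    if (!mul_checked(row_bytes, e->height, &total))
        return false;
    *out = total;
    return true;
}

/* The PNG case from the article: the embedded image carries its own
 * dimensions, which may exceed those in the directory entry. Refuse to
 * decode into a buffer sized from the entry unless both agree. */
bool dimensions_match(const struct ico_entry *e, uint32_t img_w, uint32_t img_h)
{
    return e->width == img_w && e->height == img_h;
}

int main(void)
{
    /* Constructed entry: 65536 x 16385 x 32 bpp needs 4295229440 bytes,
     * but the 32-bit product wraps to 262144. */
    struct ico_entry wrap = { 65536, 16385, 32 };
    size_t need;

    printf("unsafe: %u bytes\n", (unsigned)unsafe_buffer_size(&wrap));
    if (safe_buffer_size(&wrap, &need))
        printf("safe:   %zu bytes\n", need);
    else
        printf("safe:   rejected (overflow)\n");
    printf("PNG 256x256 in a 16x16 entry accepted? %s\n",
           dimensions_match(&(struct ico_entry){ 16, 16, 32 }, 256, 256) ? "yes" : "no");
    return 0;
}
```

With the constructed entry, the unsafe calculation returns 262144 bytes while the checked version reports the true 4295229440 bytes; an allocator handed the first value would provide a buffer roughly 16000 times too small for the pixel data that follows.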

As the GIMP developers write in the comments of the security report, they have deliberately made details of the vulnerability public before a bugfix release is available, because cybercriminals can analyze the source code commits and patches and discover the vulnerability on their own. Users should therefore be warned.


As no update is yet available, GIMP users should refrain from processing ICO files with the program for the time being, at least from untrusted sources. As the source code already contains suitable corrections, the updated versions should be released shortly. This can be checked under Linux using the software management of the distribution used. However, anyone using the convenience of installing and updating from the Microsoft Store on Windows is still using the vulnerable version GIMP 3.0.2 at the time of reporting.

Around a month ago, it became known that there were security gaps in the old GIMP 2 development branch that also allowed malicious code to be smuggled in. The update to the new GIMP 3 version was mentioned as a remedy.

(dmk)


This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.