Vulnerability in the GIMP image editing tool
According to security services provider Secunia, a vulnerability in the free image editing tool GIMP (GNU Image Manipulation Program) can potentially be exploited to compromise a user's system. The vulnerability, rated by Secunia as moderately critical, occurs when processing specially crafted BMP images within the ReadImage() function in plug-ins/file-bmp/bmp-read.c, causing an integer overflow that can be exploited to cause a heap-based buffer overflow. The overflow may allow an attacker to remotely execute code on a user's system.
The vulnerability was discovered in the latest stable release, GIMP 2.6.7 from the 14th of August, 2009. Other versions may also be affected. The developers have been advised of the problem and have addressed it in the GIT source code repository. An official update, however, has yet to be released.
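To illustrate the bug class described above, the following C example (added here; it is not GIMP's code or the project's fix) shows how a row-size calculation on untrusted BMP header fields can wrap in 32-bit arithmetic, next to a checked version that rejects such headers before allocating. The function names and the 1 GiB limit are assumptions made for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Assumed upper bound on a decoded image buffer (1 GiB); not a GIMP value. */
#define MAX_IMAGE_BYTES ((uint64_t)1 << 30)

/* Unchecked: width * bpp is computed in 32 bits and wraps silently,
 * so a huge width can yield a tiny row size. */
static uint32_t row_bytes_unchecked(uint32_t width, uint32_t bpp)
{
    return ((width * bpp + 31u) / 32u) * 4u;   /* rows padded to 4 bytes */
}

/* Checked: widen to 64 bits, validate header fields, and bound the total
 * before any allocation. Returns 0 and sets *out on success, -1 otherwise. */
static int image_size_checked(uint32_t width, uint32_t height,
                              uint32_t bpp, size_t *out)
{
    if (width == 0 || height == 0)
        return -1;
    if (bpp != 1 && bpp != 4 && bpp != 8 && bpp != 16 && bpp != 24 && bpp != 32)
        return -1;

    uint64_t bits = (uint64_t)width * bpp;        /* < 2^37, cannot wrap */
    uint64_t row  = ((bits + 31) / 32) * 4;
    if (row > MAX_IMAGE_BYTES / height)           /* row * height too large */
        return -1;

    *out = (size_t)(row * height);
    return 0;
}

int main(void)
{
    size_t n = 0;
    /* Constructed header values: 0x20000001 * 8 wraps to 8 in 32 bits. */
    printf("unchecked row bytes: %u\n", (unsigned)row_bytes_unchecked(0x20000001u, 8));
    printf("checked, oversized:  %d\n", image_size_checked(0x20000001u, 4, 8, &n));
    printf("checked, 640x480x24: %d\n", image_size_checked(640, 480, 24, &n));
    printf("buffer size: %zu\n", n);
    return 0;
}
```

A buffer sized from the wrapped value is far smaller than the pixel data the header claims, which is how an integer overflow turns into a heap-based buffer overflow when the image is read.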
See also:
- Gimp BMP Image Parsing Integer Overflow Vulnerability, security advisory from Secunia.
- GIMP to go (L)GPL3, a report from The H.
(crve)