GIMP
cpe:2.3:a:gimp:gimp:*:*:*:*:*:*:*, +1 more
A heap-buffer-overflow vulnerability has been identified in GIMP, specifically within the fread_pascal_string function of the PSD file handling plugin. The vulnerability is triggered when the function processes a specially crafted Photoshop Document (PSD) file. The root cause is that the buffer allocated for Pascal strings is not properly null-terminated, so a subsequent call to strlen() on that buffer reads past the end of the allocation. Exploiting this vulnerability causes the application to crash, creating a denial-of-service condition.
Exploitation of this vulnerability causes GIMP to crash, leading to a denial-of-service condition where the application is unavailable to the user.
The vulnerability can be reproduced by building GIMP with AddressSanitizer enabled and then opening a crafted PSD file that triggers the missing null termination in the fread_pascal_string function. The file can be opened from the GIMP application through the 'Open' option in the File menu.
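To make the described defect concrete, the following added example (not GIMP's code) shows a hypothetical reader for Photoshop-style Pascal strings (a one-byte length prefix followed by that many bytes) written the way the flawed function should behave: the allocation gets one extra byte, that byte is explicitly set to '\0', and the declared length is checked against the remaining input. The cursor type, function names and sample bytes are constructed for illustration and are not the plugin's actual logic.

```c
/* Added example, not GIMP's code: a hypothetical Pascal-string reader
 * that mirrors the flaw described above and the fix for it.  The PSD
 * parsing details here are assumptions, not the plugin's real logic. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Minimal in-memory cursor standing in for a FILE* over a PSD file. */
typedef struct { const unsigned char *data; size_t len, pos; } cursor_t;

/* Hardened variant: one extra byte is allocated and explicitly set to
 * '\0', and the declared length is bounds-checked against the input
 * before any copy, so strlen() on the result can never leave the
 * allocation.  Returns NULL (with no allocation) on truncated input. */
char *read_pascal_string_safe(cursor_t *c, size_t *out_len)
{
    if (c->pos >= c->len) return NULL;        /* no length byte left */
    size_t n = c->data[c->pos++];
    if (n > c->len - c->pos) return NULL;     /* declared length overruns the file */
    char *s = malloc(n + 1);                  /* +1: room for the terminator */
    if (!s) return NULL;
    memcpy(s, c->data + c->pos, n);
    s[n] = '\0';                              /* the step the bug description says is missing */
    c->pos += n;
    if (out_len) *out_len = n;
    return s;
}

/* Constructed sample: length byte 5, "Layer", then trailing bytes that a
 * missing terminator would let strlen() run into. */
static const unsigned char sample_psd[] = { 5, 'L','a','y','e','r', 0x41, 0x42 };
/* Constructed truncated sample: claims 9 bytes but only 3 follow. */
static const unsigned char truncated_psd[] = { 9, 'a','b','c' };

/* Read the first Pascal string of a buffer; returns the C string or NULL. */
char *first_pascal_string(const unsigned char *buf, size_t len)
{
    cursor_t c = { buf, len, 0 };
    return read_pascal_string_safe(&c, NULL);
}

int main(void)
{
    char *s = first_pascal_string(sample_psd, sizeof sample_psd);
    printf("parsed: \"%s\" (strlen=%zu)\n", s ? s : "(null)", s ? strlen(s) : 0);
    free(s);
    char *t = first_pascal_string(truncated_psd, sizeof truncated_psd);
    printf("truncated input -> %s\n", t ? "string" : "rejected");
    free(t);
    return 0;
}
```

Under AddressSanitizer, the unterminated variant of this reader reports a heap-buffer-overflow read inside strlen() on the first sample; the terminated version above stops at the fifth byte.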