GIMP Integer Overflow Vulnerability in ICO File Processing Leading to Memory Corruption

Vulnerability

An integer overflow vulnerability has been identified in GIMP when handling ICO image files. The issue occurs in the 'ico_read_info' and 'ico_read_icon' functions, where size calculations evaluated as 32-bit integers can wrap around, allowing oversized image headers to bypass security checks. A remote attacker could exploit this vulnerability by providing a specially crafted ICO file, leading to a buffer overflow and memory corruption. The result is an application-level denial of service.
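
The bug class described above, as an added example (not GIMP's code and not part of the original advisory): a limit check whose size calculation is evaluated in 32 bits, next to an overflow-safe version. The function names, the 64 MiB cap and the width x height x 4 formula are assumptions for illustration; the advisory does not say which header fields are involved.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical names and limit; this is not GIMP's ICO loader. */
#define MAX_PIXEL_BYTES (64u * 1024u * 1024u) /* assumed cap per decoded icon */

/* Unsafe pattern: the product is evaluated in 32 bits, so it can wrap to a
 * small value and pass the limit check although the real size is huge. */
static bool size_ok_wrapping(uint32_t width, uint32_t height, uint32_t *out)
{
    uint32_t bytes = width * height * 4u; /* wraps modulo 2^32 */
    if (bytes > MAX_PIXEL_BYTES)
        return false;
    *out = bytes;
    return true;
}

/* Hardened pattern: reject zero dimensions, then bound width by division
 * before multiplying, so no intermediate value can wrap. */
static bool size_ok_checked(uint32_t width, uint32_t height, size_t *out)
{
    if (width == 0 || height == 0)
        return false;
    if (width > MAX_PIXEL_BYTES / 4u / height)
        return false;
    *out = (size_t)width * height * 4u; /* now at most MAX_PIXEL_BYTES */
    return true;
}

int main(void)
{
    /* Constructed header values: the true size exceeds 4 GiB. */
    uint32_t w = 0x8001u, h = 0x8000u, wrapped = 0;
    size_t checked = 0;

    if (size_ok_wrapping(w, h, &wrapped))
        printf("wrapping check accepted, computed %u bytes\n", (unsigned)wrapped);
    if (!size_ok_checked(w, h, &checked))
        printf("checked version rejected the same header\n");
    return 0;
}
```

A buffer allocated from the wrapped value is far smaller than the pixel data the header describes, which is how a passed check turns into an out-of-bounds write.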

Impact

Exploitation of this vulnerability causes memory corruption: the integer overflow can lead to a buffer overflow. This type of memory corruption results in undefined behavior, such as application crashes. Additionally, the vulnerability could be exploited to execute unauthorized code, bypass security mechanisms, or cause resource consumption issues, all of which can disrupt normal application operation.

Reproduction

The vulnerability can be reproduced by creating a malicious ICO file that exploits the integer overflow in the 'ico_read_info' and 'ico_read_icon' functions. This can be done by crafting an ICO file with oversized headers that exceed the normal size limits, causing the size calculations to wrap around and bypass security checks. Once the file is created, it can be opened in GIMP to trigger the vulnerability.

Added: Mar 26, 2026, 10:11 PM
Updated: Mar 26, 2026, 10:11 PM

Vulnerability Rating

Custom Algorithm
spread: 7.8
impact: 2.5
exploitability: 5.6
remediation: 0.0
relevance: 4.7
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.