GIMP Integer Overflow Vulnerability in FITS Image Loader Leading to Heap Buffer Overflow

An integer overflow vulnerability has been identified in the FITS image loader of GIMP. This flaw allows remote attackers to exploit the vulnerability by providing specially crafted FITS files. The integer overflow results in a zero-byte memory allocation, which, when processing pixel data, is subjected to a heap buffer overflow. Successful exploitation of this vulnerability could cause a denial-of-service condition or potentially allow arbitrary code execution.

Impact

Exploitation of this vulnerability causes a heap buffer overflow, which can lead to memory corruption. Such buffer overflows are commonly exploited to execute arbitrary code. Additionally, the vulnerability causes a denial-of-service condition by crashing the application or consuming excessive resources.

Remediation

Users are advised to avoid opening untrusted FITS image files with GIMP. If GIMP is not needed, consider removing the application to reduce the attack surface. On Red Hat Enterprise Linux systems, GIMP can be uninstalled using the package manager.