GIMP
cpe:2.3:a:gimp:gimp:*:*:*:*:*:*:*
A stack buffer overflow vulnerability has been identified in GIMP's TIM image loader, specifically in the 4BPP decoding path. This flaw allows a local user to cause a denial-of-service condition by opening a specially crafted TIM image file. The vulnerability arises because a variable-length array is allocated based on the image width, but the decoding process unconditionally writes double the width in bytes, leading to a crash as GIMP attempts to process the overflowing data.
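The size mismatch described above, shown from the defensive side as an added example (a constructed model, not GIMP's source code). The function names, the `MAX_ROW_BYTES` limit and the low-nibble-first pixel order are assumptions made for illustration: the row buffer is heap-allocated and sized from what the decoder actually writes, and the unpacker refuses to write past the capacity it is given.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed model of a 4BPP row unpacker, not GIMP's source. Each packed
 * byte holds two 4-bit palette indices, so width_bytes of input expand to
 * 2 * width_bytes of output. Nibble order and MAX_ROW_BYTES are assumptions. */
#define MAX_ROW_BYTES 65536u

/* Allocate the row on the heap, sized from what the decoder writes
 * (2 * width_bytes), after bounding the file-supplied width. */
uint8_t *alloc_4bpp_row(size_t width_bytes, size_t *out_cap)
{
    if (out_cap == NULL || width_bytes == 0 || width_bytes > MAX_ROW_BYTES)
        return NULL;
    uint8_t *row = malloc(width_bytes * 2);
    if (row != NULL)
        *out_cap = width_bytes * 2;
    return row;
}

/* Unpack in_len packed bytes into out. Returns the number of indices
 * written, or -1 if the output buffer cannot hold 2 * in_len bytes. */
long unpack_4bpp_row(const uint8_t *in, size_t in_len,
                     uint8_t *out, size_t out_cap)
{
    if (in == NULL || out == NULL || in_len > MAX_ROW_BYTES)
        return -1;
    if (in_len * 2 > out_cap)   /* writes are conditional on capacity */
        return -1;
    for (size_t i = 0; i < in_len; i++) {
        out[2 * i]     = in[i] & 0x0F;  /* first pixel: low nibble */
        out[2 * i + 1] = in[i] >> 4;    /* second pixel: high nibble */
    }
    return (long)(in_len * 2);
}

int main(void)
{
    const uint8_t packed[3] = { 0x21, 0x43, 0x65 };  /* constructed sample */
    size_t cap = 0;
    uint8_t *row = alloc_4bpp_row(sizeof packed, &cap);
    if (row == NULL)
        return 1;
    printf("wrote %ld\n", unpack_4bpp_row(packed, sizeof packed, row, cap));
    free(row);
    return 0;
}
```

A buffer sized to the width alone, as in the flaw described above, is rejected by `unpack_4bpp_row` instead of being overrun.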
Exploitation of this vulnerability leads to a crash of the GIMP application, causing a denial-of-service condition.
To reproduce this vulnerability, open a TIM image file that has been crafted to exploit the 4BPP decoding path in the TIM image loader. The application will crash due to the stack buffer overflow caused by the improper handling of the image data.
Users are advised to avoid opening untrusted TIM image files with GIMP. Exercise caution when handling files from unknown or suspicious sources.