GIMP Heap-Based Buffer Overflow Vulnerability in PSP File Parsing Allowing Remote Code Execution

A heap-based buffer overflow vulnerability has been identified in GIMP, specifically within the PSP file parsing component. This issue allows remote attackers to execute arbitrary code on affected installations of GIMP. The vulnerability arises from improper validation of user-supplied data lengths before copying them to a heap-based buffer. Exploitation requires user interaction, as the target must open a malicious PSP file. The vulnerability is present in GIMP versions prior to the latest patch.

Impact

Exploitation of this vulnerability allows for arbitrary code execution on the affected system, with the executed code running in the context of the current process.

Reproduction

To reproduce this vulnerability, open a PSP file with a bit depth of 1 or 4 bits and a small width in an affected version of GIMP. The improper handling of the file's bit depth and width during the parsing process will lead to a buffer overflow, allowing for arbitrary code execution.

Remediation

GIMP has released a patch for this vulnerability. Users should update to the latest version to address the issue.