GIMP Heap Buffer Over-Read Vulnerability in PCX File Loader

Vulnerability

A heap buffer over-read vulnerability has been identified in GIMP's PCX file loader, in versions through 2.10.30 and 3.2.0-RC3+git. It arises from an off-by-one error in the validation of the 'bytesperline' parameter: a remote attacker can craft a PCX image that, when a user opens it, causes GIMP to read beyond the intended memory boundaries. The over-read can lead to unauthorized memory disclosure and can crash the application, creating a denial-of-service condition.
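The kind of validation described above, as an added example (not GIMP's code and not taken from this advisory): a PCX header pre-check that rejects a bytesperline value too small for the declared width, rounding up so the boundary case is covered. The function names and the sample-header helper are hypothetical; the field offsets assume the standard 128-byte PCX header layout.

```c
#include <stddef.h>
#include <stdint.h>

enum pcx_status { PCX_OK, PCX_TRUNCATED, PCX_BAD_MAGIC, PCX_BAD_DEPTH,
                  PCX_BAD_DIMS, PCX_SHORT_LINE };

/* Read a little-endian 16-bit header field. */
static uint16_t le16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* Bytes one plane of one scanline needs: ceil(width * bpp / 8).
 * Truncating division would accept a line one byte short
 * (9 pixels at 1 bpp need 2 bytes, not 1). */
static uint32_t pcx_min_bytes_per_line(uint32_t width, uint32_t bpp)
{
    return (width * bpp + 7u) / 8u;
}

/* Validate the fixed 128-byte PCX header before sizing any decode buffer. */
enum pcx_status pcx_check_header(const uint8_t *hdr, size_t len)
{
    if (len < 128) return PCX_TRUNCATED;
    if (hdr[0] != 0x0A) return PCX_BAD_MAGIC;        /* manufacturer byte */
    uint8_t bpp = hdr[3];                            /* bits per pixel per plane */
    if (bpp != 1 && bpp != 2 && bpp != 4 && bpp != 8) return PCX_BAD_DEPTH;
    uint16_t xmin = le16(hdr + 4), ymin = le16(hdr + 6);
    uint16_t xmax = le16(hdr + 8), ymax = le16(hdr + 10);
    if (xmax < xmin || ymax < ymin) return PCX_BAD_DIMS;
    uint32_t width = (uint32_t)xmax - xmin + 1u;     /* coordinates are inclusive */
    uint16_t bytesperline = le16(hdr + 66);
    if (bytesperline < pcx_min_bytes_per_line(width, bpp)) return PCX_SHORT_LINE;
    return PCX_OK;
}

/* Hypothetical helper: build a constructed header (not a real file) for a
 * single-plane image of the given width and run the check on it. */
enum pcx_status pcx_check_sample(uint16_t width, uint8_t bpp, uint16_t bpl)
{
    uint8_t h[128] = {0};
    uint16_t xmax = (uint16_t)(width - 1);
    h[0] = 0x0A; h[1] = 5; h[2] = 1; h[3] = bpp; h[65] = 1;
    h[8] = (uint8_t)(xmax & 0xFF);  h[9] = (uint8_t)(xmax >> 8);
    h[66] = (uint8_t)(bpl & 0xFF);  h[67] = (uint8_t)(bpl >> 8);
    return pcx_check_header(h, sizeof h);
}
```

The check is per plane, since bytesperline in the PCX header describes one plane of one scanline.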

Impact

Exploitation of this vulnerability causes a heap buffer over-read, leading to out-of-bounds memory disclosure. This can result in an application crash and a denial-of-service condition.

Reproduction

The vulnerability can be reproduced by building GIMP with AddressSanitizer enabled, which detects memory errors. Running the instrumented build in headless mode to open a maliciously crafted PCX file triggers the buffer over-read, and AddressSanitizer reports a heap-buffer-overflow error, confirming the out-of-bounds access.

Remediation

Users are advised to avoid opening untrusted PCX files with GIMP. If GIMP is not needed, consider uninstalling it to remove this vulnerability.

Added: Mar 26, 2026, 1:21 PM
Updated: Mar 26, 2026, 1:21 PM

Vulnerability Rating

Custom Algorithm
spread: 7.8
impact: 1.3
exploitability: 5.6
remediation: 8.3
relevance: 4.7
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.