As reported by Seungho Kim, our despeckle filter doesn't check for integer overflow when allocating buffers, nor do we check for failed allocations.

A potential integer overflow vulnerability exists in the GIMP "Despeckle" plug-in. The issue occurs due to unchecked multiplication of image dimensions (width, height) and bytes-per-pixel (img_bpp), which can result in allocating insufficient memory and subsequently performing out-of-bounds writes. This could lead to heap corruption and potential denial-of-service (DoS) or arbitrary code execution in certain scenarios.

Vulnerability Details
• width and height are of type guint (signed 32-bit int).
• Multiplying width * height * img_bpp can result in a value exceeding the bounds of gsize.
• g_new() does not perform overflow protection; if the size wraps around, less memory than needed will be allocated.
• Subsequent pixel processing loops write beyond the allocated memory region (src, dst).

Proof of Concept (PoC)
Open a specially crafted image with very large dimensions (e.g., 70,000 x 70,000 pixels) and apply the Despeckle filter. GIMP may crash due to heap corruption, or undefined behavior may occur.

We applied the suggested changes and in addition adjusted the despeckle function to be able to set error messages, and check for NULL allocations.
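
The two checks the commit message above names (overflow in the width * height * bytes-per-pixel product, and failed allocations) can be sketched as follows. This is an added example, not GIMP's code: the function names are hypothetical, and it uses plain `malloc` and `uint32_t` instead of GLib's allocators and types.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* What an unchecked 32-bit product yields: it wraps modulo 2^32. */
uint32_t unchecked_size_32(uint32_t width, uint32_t height, uint32_t bpp)
{
    return width * height * bpp;
}

/* Store a * b in *out; return -1 if the product does not fit in size_t. */
static int checked_mul(size_t a, size_t b, size_t *out)
{
    if (a != 0 && b > SIZE_MAX / a)
        return -1;
    *out = a * b;
    return 0;
}

/* Hypothetical helper: byte count for a width x height x bpp buffer. */
int pixel_buffer_size(uint32_t width, uint32_t height, uint32_t bpp, size_t *out)
{
    size_t n;
    if (width == 0 || height == 0 || bpp == 0 ||
        checked_mul(width, height, &n) != 0 || checked_mul(n, bpp, &n) != 0)
        return -1;
    *out = n;
    return 0;
}

/* Allocate both buffers or neither; returns NULL on success, else an error message. */
const char *alloc_filter_buffers(uint32_t width, uint32_t height, uint32_t bpp,
                                 unsigned char **src, unsigned char **dst)
{
    size_t size;
    *src = *dst = NULL;
    if (pixel_buffer_size(width, height, bpp, &size) != 0)
        return "invalid or overflowing image dimensions";
    *src = malloc(size);
    *dst = malloc(size);
    if (*src == NULL || *dst == NULL) {
        free(*src);
        free(*dst);
        *src = *dst = NULL;
        return "out of memory";
    }
    return NULL;
}
```

With the 70,000 x 70,000 dimensions from the commit message and 4 bytes per pixel, the unchecked 32-bit product wraps to 2,420,130,816 bytes, far short of the 19,600,000,000 bytes the pixel loops would touch.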
------------------------------
GNU Image Manipulation Program
3.0 Stable Branch
------------------------------
This is a stable release in the GIMP 3.0 series.
If you think you found a bug in this version, please make sure that it
hasn't been reported earlier and that it is not just new stuff that is
still being worked on and obviously not quite finished yet. If neither
of these, please report it!
If you want to hack on GIMP, please read the file devel-docs/README.md.
For detailed installation instructions, see the file INSTALL.
1. Web Resources
================
GIMP's home page is at:
https://www.gimp.org/
Please be sure to visit this site for information, documentation,
tutorials, news, etc. All things GIMP-ish are available from there.
The latest version of GIMP can be found at:
https://www.gimp.org/downloads/
We also have a website dedicated to documentation at:
https://docs.gimp.org/
2. Contributing
===============
GIMP source code can be found at:
https://gitlab.gnome.org/GNOME/gimp/
Resources for contributors:
https://developer.gimp.org/
In particular, you may want to look in the "Core Development" section. Some
articles of particular interest for newcomers could be:
* Setting up your developer environment: https://developer.gimp.org/core/setup/
* GIMP Coding Style: https://developer.gimp.org/core/coding_style/
* Submit your first patch: https://developer.gimp.org/core/submit-patch/
3. Discussion Channels
======================
We have several discussion channels dedicated to GIMP user and
development discussion. There is more info at:
https://www.gimp.org/discuss.html
For the real junkies, there are IRC channels (e.g. #gimp or #gimp-user)
devoted to GIMP on GIMPNet (a private free software oriented network).
Many of the developers hang out there. Some of the GIMPNet servers are:
irc.gimp.org:6667
irc.us.gimp.org:6667
irc.eu.gimp.org:6667
More discussion channels, such as forums, will be listed on the above
"discuss" page when they are moderated by a team member.
Links to archives of former discussion methods (e.g. mailing lists) are
also included in that page.
4. Customizing
==============
The look of GIMP's interface can be customized like any other GTK+ app
by editing files in `${XDG_CONFIG_HOME}/gtk-3.0/` (settings.ini and
gtk.css in particular) or by using "themes" (ready-made customizations).
Additionally, GIMP reads `${XDG_CONFIG_HOME}/GIMP/3.0/gimp.css` so you
can have settings that only apply to GIMP.
You can also manually change the keybindings to any of your choice by
editing: `${XDG_CONFIG_HOME}/GIMP/3.0/shortcutsrc`.
Have fun,
Spencer Kimball
Peter Mattis
Federico Mena
Manish Singh
Sven Neumann
Michael Natterer
Dave Neary
Martin Nordholts
Jehan