A vulnerability tracked as CVE-2023-44442 affects GIMP, the popular open-source image editor. It allows a remote attacker to execute arbitrary code on an affected installation, but only with user interaction: the target has to open a malicious file (typically a crafted PSD image, whether downloaded directly or served from a malicious page). In this post, we'll examine the details of the vulnerability, walk through a code snippet that shows the vulnerable pattern, and provide links to the original references.

Exploit Details

The vulnerability exists within GIMP's parsing of Photoshop (PSD) files. It is caused by the lack of proper validation of the length of user-supplied data before that data is copied into a heap-based buffer: a length field read from the file is trusted as the copy size, so a crafted file can make the copy overrun the allocation. An attacker can exploit this heap-based buffer overflow to execute arbitrary code in the context of the process parsing the file. Exploitation requires user interaction: the target must open (or import) a malicious file, which an attacker may deliver directly or via a malicious page.

This flaw was tracked as ZDI-CAN-22094 (the Zero Day Initiative's candidate identifier) before it was assigned its CVE identifier.

The following snippet is illustrative pseudocode, not GIMP's actual source. It shows the vulnerable pattern: a heap buffer of fixed size receives a copy whose length is taken from the file without being checked against that size

      ...
      /* Length of the record as declared in the PSD file (attacker-controlled) */
      guint32 user_data_length = read_u32_from_psd_file ();

      /* Heap buffer sized for the record the parser expects, not for the declared length */
      gchar *heap_buffer = g_malloc (EXPECTED_LENGTH);

      /* No check that user_data_length <= EXPECTED_LENGTH before the copy */
      memcpy (heap_buffer, user_data, user_data_length); /* overflow when user_data_length > EXPECTED_LENGTH */
      ...

As the snippet shows, the declared length is read from the PSD file and used directly as the memcpy() size, while the heap buffer was allocated for a fixed expected size. A file that declares a length larger than the allocation makes memcpy() write past the end of the heap buffer, corrupting adjacent heap objects or allocator metadata; the same unchecked length can also read past the end of the input data. Validating user_data_length against both the buffer capacity and the bytes remaining in the file before the copy (or sizing the allocation from the validated length) removes the flaw.
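To make the pattern concrete, here is an added, self-contained C example written for this post. It is not GIMP's code and does not show the real bug site; it parses a PSD image resource block (whose layout, "8BIM" signature, ID, Pascal name, big-endian length, data, follows the Adobe PSD format) into a fixed-size heap buffer, once with the unchecked copy and once with the length validated first. RES_CAP, the function names and the sample blocks are assumptions constructed for the example.

```c
/* Added illustration for this post, not GIMP's code. RES_CAP, the function
 * names and the sample blocks are constructed for the example.
 *
 * PSD image resource block layout (Adobe PSD file format):
 *   4 bytes "8BIM", 2 bytes ID (big-endian), Pascal name (1 length byte +
 *   name, padded to even total), 4 bytes data length (big-endian), data. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define RES_CAP 32  /* assumed fixed capacity of the heap buffer receiving the data */

typedef struct {
    uint16_t id;
    uint32_t len;         /* data length as declared by the file */
    unsigned char *data;  /* heap buffer of RES_CAP bytes, freed by the caller */
} psd_resource;

static uint16_t rd_be16(const unsigned char *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t rd_be32(const unsigned char *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Parses signature, ID, name and length (all bounds-checked). Returns the
 * offset of the data bytes, or 0 if the header does not fit in buf. */
static size_t parse_header(const unsigned char *buf, size_t buflen, uint16_t *id, uint32_t *len)
{
    if (buflen < 7 || memcmp(buf, "8BIM", 4) != 0)
        return 0;
    *id = rd_be16(buf + 4);
    size_t name_total = 1 + buf[6];       /* length byte plus name bytes */
    if (name_total & 1)
        name_total++;                     /* padded to an even length */
    size_t off = 6 + name_total;
    if (off + 4 > buflen)
        return 0;
    *len = rd_be32(buf + off);
    return off + 4;
}

/* Vulnerable pattern: fixed-size heap buffer, copy length taken from the file.
 * A declared length above RES_CAP writes past the allocation (heap overflow). */
int parse_resource_unchecked(const unsigned char *buf, size_t buflen, psd_resource *out)
{
    size_t off = parse_header(buf, buflen, &out->id, &out->len);
    if (off == 0 || (out->data = malloc(RES_CAP)) == NULL)
        return -1;
    memcpy(out->data, buf + off, out->len);   /* no validation of out->len */
    return 0;
}

/* Hardened: check the declared length against the destination capacity and
 * the bytes actually remaining in the input before any copy happens. */
int parse_resource_checked(const unsigned char *buf, size_t buflen, psd_resource *out)
{
    size_t off = parse_header(buf, buflen, &out->id, &out->len);
    if (off == 0 || out->len > RES_CAP || out->len > buflen - off)
        return -1;                            /* rejected before the copy */
    if ((out->data = malloc(RES_CAP)) == NULL)
        return -1;
    memcpy(out->data, buf + off, out->len);
    return 0;
}

/* Builds a constructed block with an empty name and len bytes of fill.
 * Returns the total size written, or 0 if it does not fit in dst. */
size_t build_block(unsigned char *dst, size_t cap, uint16_t id, uint32_t len, unsigned char fill)
{
    size_t total = 12 + (size_t)len;
    if (total > cap)
        return 0;
    memcpy(dst, "8BIM", 4);
    dst[4] = (unsigned char)(id >> 8);   dst[5] = (unsigned char)id;
    dst[6] = 0;                          dst[7] = 0;   /* empty Pascal name, padded */
    dst[8] = (unsigned char)(len >> 24); dst[9] = (unsigned char)(len >> 16);
    dst[10] = (unsigned char)(len >> 8); dst[11] = (unsigned char)len;
    memset(dst + 12, fill, len);
    return total;
}

/* 1 if both parsers accept a well-formed block and agree on its contents. */
int demo_benign(void)
{
    unsigned char blk[128];
    psd_resource a = {0}, b = {0};
    size_t n = build_block(blk, sizeof blk, 0x03ED, 4, 'B');
    int ok = n == 16 && parse_resource_checked(blk, n, &a) == 0 &&
             parse_resource_unchecked(blk, n, &b) == 0 &&
             a.id == 0x03ED && a.len == 4 && memcmp(a.data, "BBBB", 4) == 0 &&
             b.id == a.id && b.len == a.len && memcmp(b.data, a.data, 4) == 0;
    free(a.data);
    free(b.data);
    return ok;
}

/* 1 if the hardened parser rejects a block declaring 64 bytes (> RES_CAP)
 * even though all 64 bytes are present. The unchecked parser would overflow
 * the 32-byte heap buffer on this input, so it is deliberately not called. */
int demo_oversize(void)
{
    unsigned char blk[128];
    psd_resource r = {0};
    size_t n = build_block(blk, sizeof blk, 0x03ED, 64, 'A');
    int rejected = n == 76 && parse_resource_checked(blk, n, &r) == -1;
    free(r.data);
    return rejected;
}

/* 1 if the hardened parser rejects a length that runs past the input end. */
int demo_truncated(void)
{
    unsigned char blk[128];
    psd_resource r = {0};
    size_t n = build_block(blk, sizeof blk, 0x03ED, 4, 'B');
    blk[11] = 16;                             /* claims 16 bytes, only 4 follow */
    int rejected = n == 16 && parse_resource_checked(blk, n, &r) == -1;
    free(r.data);
    return rejected;
}

int main(void)
{
    printf("benign parsed by both parsers: %d\n", demo_benign());
    printf("oversize block rejected:       %d\n", demo_oversize());
    printf("truncated block rejected:      %d\n", demo_truncated());
    return 0;
}
```

The two checks in parse_resource_checked are distinct: the capacity check stops the heap overflow the advisory describes, and the remaining-input check stops the matching out-of-bounds read on a truncated file. Building the oversize block with all 64 bytes present shows that an input can be internally consistent and still overflow a fixed-size destination; only the comparison against the allocation size catches it.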

Original References

The vulnerability was reported through Trend Micro's Zero Day Initiative (ZDI), a program that rewards researchers for discovering and responsibly reporting software vulnerabilities. ZDI published an advisory on the flaw, which can be found at the following link:

- Zero Day Initiative Advisory - ZDI-CAN-22094

In addition, here are some other useful references that provide more information about the vulnerability:

- GIMP Official Website
- CVE Details Page - CVE-2023-44442

Conclusion

CVE-2023-44442 highlights the importance of validating every length field taken from an input file against the size of the buffer it will be copied into. GIMP users should update to a fixed release (GIMP 2.10.36 and later contain the fix for this and the other PSD-related issues reported alongside it) and, until then, avoid opening PSD files from untrusted sources, since a crafted file triggers the flaw as soon as it is opened or imported.

Timeline

Published on: 05/03/2024 03:15:59 UTC
Last modified on: 05/03/2024 12:48:41 UTC