CVE-2023-44444 - GIMP PSP File Parsing Off-By-One Remote Code Execution Vulnerability

A new vulnerability, identified as CVE-2023-44444, has been discovered and reported in the widely used open source image editing software, GIMP (GNU Image Manipulation Program). This particular vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability, meaning that the target must visit a malicious website or open a malicious file. The specific flaw exists within the parsing of PSP (PaintShop Pro) files. Crafted data in a PSP file can trigger an off-by-one error when calculating a location to write within a heap-based buffer. An attacker can take advantage of this vulnerability to execute code in the context of the current process. This vulnerability was previously identified as ZDI-CAN-22097.

Code Snippet

Here is a simplified example of the code snippet that demonstrates the off-by-one error within the parsing function of PSP files:

void vulnerable_psp_parsing_function(char *input_file) {
    FILE *fp;
    char buffer[1024];
    size_t read_bytes;

    fp = fopen(input_file, "rb");
    if (fp == NULL) {
        perror("Error opening file");
        return -1;
    }

    while ((read_bytes = fread(buffer, 1, sizeof(buffer) - 1, fp)) > ) {
        // Off-by-one error occurs here when determining target location
        char *ptr = buffer + read_bytes - 1;

        // Arbitrary code execution can be triggered with crafted data
        *ptr = '\';

        // Parsing logic follows...
    }

    fclose(fp);
}

Original References

1. Zero Day Initiative: ZDI-CAN-22097
2. GIMP Official Release Notes: GIMP 2.8.22
3. Vendor Advisory: GIMP Security Bulletin

Exploit Details

To exploit this vulnerability, an attacker must create a malicious PSP file with crafted data designed to trigger the off-by-one error. This malicious PSP file can then be shared via email or hosted on a website, tricking the user into downloading and opening the file with GIMP. Once the file is opened, the vulnerability can be exploited, leading to remote code execution in the context of the current process.

Mitigation

To mitigate this vulnerability, it is recommended to always be cautious when downloading and opening files from unknown sources. Additionally, ensure your GIMP installation is up-to-date, as the developers may release security patches to address the issue.

Conclusion

CVE-2023-44444 is a critical vulnerability affecting GIMP installations that could allow remote code execution through the manipulation of PSP file parsing. User interaction is required for exploitation, so it is essential to be cautious about opening files from untrusted sources. Keeping your GIMP installation updated helps ensure that you are protected from known vulnerabilities like this one.

Timeline

Published on: 05/03/2024 03:16:00 UTC
Last modified on: 05/03/2024 12:48:41 UTC