Bug 778604 - CVE-2007-3126 - Gimp 2.3.14 allows context-dependent attackers to cause a denial of service (crash) via an ICO file with an InfoHeader containing a Height of zero
Status: RESOLVED FIXED
Product: GIMP
Classification: Other
Component: Plugins
Version: 2.8.20
Hardware: Other All
Importance: Normal normal
Target Milestone: 2.8
Assigned To: GIMP Bugs
QA Contact: GIMP Bugs
Depends on: CVE-2007-3126
Reported: 2017-02-14 12:41 UTC by Michael Schumacher
Modified: 2017-02-14 14:14 UTC

Description Michael Schumacher 2017-02-14 12:41:14 UTC
+++ This bug was initially created as a clone of Bug #773233 +++

Found this in the Debian Security tracker at 
https://security-tracker.debian.org/tracker/source-package/gimp

https://security-tracker.debian.org/tracker/CVE-2007-3126
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-3126

It's classified as unimportant, and I guess only the ICO plug-in crashes.

I can't find any evidence of this ever being brought to our attention, nor being addressed by us. It is possible that current versions of GIMP still suffer from the issue. I couldn't find any test files attached to any of the messages referenced by the various threads and sites, either.
Comment 1 Michael Schumacher 2017-02-14 12:43:43 UTC
Let's get this fixed in gimp-2-8 as well; this will help to clear up the security tracker and NVD listing, among others.
Comment 2 Michael Natterer 2017-02-14 14:14:09 UTC
Done:

commit 323ecb73f7bf36788fb7066eb2d6678830cd5de7
Author: Michael Natterer <mitch@gimp.org>
Date:   Sun Nov 6 21:34:43 2016 +0100

    Bug 773233 - CVE-2007-3126 - Gimp 2.3.14 allows context-dependent attackers...
    
    ...to cause a denial of service (crash) via an ICO file with an
    InfoHeader containing a Height of zero
    
    Add some error handling to ico-load.c and bail out on zero width or height
    icons. Also some formatting cleanup.
    
    (cherry picked from commit 46bcd82800e37b0f5aead76184430ef2fe802748)

 plug-ins/file-ico/ico-load.c | 103 ++++++++++++++++++++++++++++++++++++------------------------
 1 file changed, 62 insertions(+), 41 deletions(-)
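
An added example, not code from ico-load.c or from the GIMP project: one way to validate an ICO InfoHeader's dimensions before a loader uses them, following the "bail out on zero width or height" approach named in the commit message. The function names, result codes and the 4096 cap are assumptions made for illustration, and the header bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum ico_check { ICO_OK, ICO_TRUNCATED, ICO_BAD_HEADER, ICO_ZERO_DIM, ICO_TOO_LARGE };
#define ICO_MAX_DIM 4096u  /* assumed sanity cap, not a GIMP constant */

static uint32_t rd_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Validate the 40-byte InfoHeader at `offset` in an ICO file of `len` bytes.
 * Meant to run before any allocation or per-row arithmetic uses the dimensions. */
enum ico_check ico_check_info_header(const uint8_t *buf, size_t len, size_t offset,
                                     uint32_t *width, uint32_t *height)
{
    if (offset > len || len - offset < 40)
        return ICO_TRUNCATED;            /* header must lie inside the file */
    const uint8_t *h = buf + offset;
    if (rd_le32(h) != 40)
        return ICO_BAD_HEADER;           /* not a 40-byte InfoHeader (e.g. a PNG entry) */
    uint32_t w = rd_le32(h + 4);
    uint32_t rows = rd_le32(h + 8) / 2;  /* stored Height covers XOR image + AND mask */
    if (w == 0 || rows == 0)
        return ICO_ZERO_DIM;             /* includes the Height-of-zero case */
    if (w > ICO_MAX_DIM || rows > ICO_MAX_DIM)
        return ICO_TOO_LARGE;            /* also catches negative (high-bit) values */
    *width = w;
    *height = rows;
    return ICO_OK;
}

/* Build a constructed InfoHeader with the given raw Width/Height and check it. */
enum ico_check ico_check_sample(uint32_t raw_w, uint32_t raw_h, size_t len)
{
    uint8_t buf[40] = {40, 0, 0, 0};     /* biSize = 40, remaining fields zeroed */
    uint32_t w = 0, h = 0;
    for (int i = 0; i < 4; i++) {
        buf[4 + i] = (uint8_t)(raw_w >> (8 * i));
        buf[8 + i] = (uint8_t)(raw_h >> (8 * i));
    }
    return ico_check_info_header(buf, len, 0, &w, &h);
}

int main(void)
{
    printf("32x64 -> %d, 32x0 -> %d\n", ico_check_sample(32, 64, 40), ico_check_sample(32, 0, 40));
    return 0;
}
```

A stored Height of 1 is rejected as well, because halving it for the XOR/AND split leaves zero rows.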