GNOME Image Viewer (EOG): invalid XPM file causes dynamic memory allocation

Summary

Loading a specially crafted (invalid) XPM file, an attacker is able to crash the whole system, since too much dynamic memory is allocated.

Test environment

$ eog --version
GNOME Image Viewer 3.28.1

Distributor ID: Ubuntu
Description: Ubuntu 18.04.1 LTS
Release: 18.04
Codename: bionic

Steps to reproduce
1) Open a terminal and start the 'top' program to see the memory usage a program uses
2) Open a second terminal
  a) Execute: $ eog eog_ctrl_mem.xpm
  b) Observe how dynamic memory allocation increases by Eye of Gnome in terminal 1). Depending on the available resources, the system can crash.

Note: If the system is crashing/swapping depends on the available physical memory and the amount of resources other applications already has allocated on the system. I have experimented in a virtual box and it was easy to crash by changing the with and height parameters in the XPM file.

Are other programs affected and how they behave?

I have tested (GNU Image Manipulation Program version 2.8.22), which simply rejects the file with an error message and no additional memory is allocated.
Error Message from Gimp:
"Opening 'eog_ctrl_mem.xpm' failed: X PixMap image plug-In could not open image"

Potential vulnerability

An attacker could prepare an invalid XPM-file (e.g. eog_ctrl_mem.xpm). In case the user opens the file by double clicking, the system is able to crash due to the huge amount of memory allocated. Since Eye of Gnome is the default viewer on Ubuntu this is likely.

Best regards

Martin Ettl