2018-10-10 20:46:06 |
orbitcowboy |
description |
Summary
Loading a specially prepared (invalid) XPM file, an attacker is able to crash the whole system, since too much dynamic memory is allocated.
Test environment
$ eog --version
GNOME Image Viewer 3.28.1
Distributor ID: Ubuntu
Description: Ubuntu 18.04.1 LTS
Release: 18.04
Codename: bionic
Steps to reproduce
1) Open a terminal and start 'top' program to see the memory usage a program uses
2) Open a second terminal
a) Execute: $ eog eog_ctrl_mem.xpm
b) Observe how dynamic memory allocation increases by Eye of Gnome. Depending on the available resources, the system can crash.
Note: If the system is crashing/swapping depends on the available physical memory and
the amount of resources other applications already has allocated on the system.
I have experimented in a virtual box and it was easy to crash by changing the
with and height parameters in the XPM file.
Are other programs affected and how to they behave?
I have tested (GNU Image Manipulation Program version 2.8.22), which simply rejects the file with an error message and no additional memory is allocated.
Error Message from Gimp
"Opening 'eog_ctrl_mem.xpm' failed: X PixMap image plug-In could not open image"
Potential vulnerability
An attacker could prepare an invalid XPM-file (eog_ctrl_mem.xpm). In case user opens the file by double clicking, the system is able to crash due to the huge amount of memory allocated.
Best regards
Martin Ettl |
Summary
Loading a specially crafted (invalid) XPM file, an attacker is able to crash the whole system, since too much dynamic memory is allocated.
Test environment
$ eog --version
GNOME Image Viewer 3.28.1
Distributor ID: Ubuntu
Description: Ubuntu 18.04.1 LTS
Release: 18.04
Codename: bionic
Steps to reproduce
1) Open a terminal and start the 'top' program to see the memory usage a program uses
2) Open a second terminal
a) Execute: $ eog eog_ctrl_mem.xpm
b) Observe how dynamic memory allocation increases by Eye of Gnome in terminal 1). Depending on the available resources, the system can crash.
Note: If the system is crashing/swapping depends on the available physical memory and the amount of resources other applications already has allocated on the system. I have experimented in a virtual box and it was easy to crash by changing the with and height parameters in the XPM file.
Are other programs affected and how they behave?
I have tested (GNU Image Manipulation Program version 2.8.22), which simply rejects the file with an error message and no additional memory is allocated.
Error Message from Gimp:
"Opening 'eog_ctrl_mem.xpm' failed: X PixMap image plug-In could not open image"
Potential vulnerability
An attacker could prepare an invalid XPM-file (e.g. eog_ctrl_mem.xpm). In case the user opens the file by double clicking, the system is able to crash due to the huge amount of memory allocated. Since Eye of Gnome is the default viewer on Ubuntu this is likely.
Best regards
Martin Ettl |
|