Comment 0 for bug 1797161

Summary

Loading a specially prepared (invalid) XPM file, an attacker is able to crash the whole system, since too much dynamic memory is allocated.

Test environment

$ eog --version
GNOME Image Viewer 3.28.1

Distributor ID: Ubuntu
Description: Ubuntu 18.04.1 LTS
Release: 18.04
Codename: bionic

Steps to reproduce
1) Open a terminal and start 'top' program to see the memory usage a program uses
2) Open a second terminal
  a) Execute: $ eog eog_ctrl_mem.xpm
  b) Observe how dynamic memory allocation increases by Eye of Gnome. Depending on the available resources, the system can crash.

Note: If the system is crashing/swapping depends on the available physical memory and
      the amount of resources other applications already has allocated on the system.
      I have experimented in a virtual box and it was easy to crash by changing the
      with and height parameters in the XPM file.

Are other programs affected and how to they behave?

I have tested (GNU Image Manipulation Program version 2.8.22), which simply rejects the file with an error message and no additional memory is allocated.
Error Message from Gimp
"Opening 'eog_ctrl_mem.xpm' failed: X PixMap image plug-In could not open image"

Potential vulnerability

An attacker could prepare an invalid XPM-file (eog_ctrl_mem.xpm). In case user opens the file by double clicking, the system is able to crash due to the huge amount of memory allocated.

Best regards

Martin Ettl