GIMP gifload.exe GIF file (image width)*(image height)==0 DOS vulnerability
The GIMP is the GNU Image Manipulation Program. It is a freely distributed piece of software for such tasks as photo retouching, image composition and image authoring. It works on many operating systems, in many languages. The GIMP uses a plugin (gifload) to parse the GIF file format. The gifload plugin has a DoS vulnerability when it processes some special GIF files.
GIMP uses gifload.exe to load a GIF file. gifload.exe didn't check the values of the width and height fields in the image descriptor read from the GIF file (not the screen width and height fields); it used them to generate a size for a call to g_malloc(), and it didn't check the pointer returned from g_malloc() before using it. So if gifload.exe got 0 from the width or height field of the image descriptor read from the GIF file, it crashed.
Change a normal GIF file's image width value or image height value to 0 and open it using GIMP.exe to see gifload.exe die! I tested it on GIMP versions 2.2.3 & 2.0.5 for Windows. But the latest version, 2.2.4, for all platforms should be vulnerable.
Reported to vendor on Mar 2, 2005.
The above was posted and reported by Hongzhen Zhou at SecurityFocus Bugtraq
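The two checks the advisory says were missing, shown as an added example (not GIMP's gifload source and not code from the advisory): a parser for the 10-byte GIF image descriptor that rejects a zero width or height before sizing the buffer and tests the allocator's result before use. The names gif_read_descriptor, gif_frame and gif_status are hypothetical, the sample descriptors are constructed, and calloc stands in for g_malloc.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

enum gif_status { GIF_OK, GIF_TRUNCATED, GIF_BAD_SEPARATOR, GIF_ZERO_DIMENSION, GIF_NO_MEMORY };

struct gif_frame {
    uint16_t width, height;
    uint8_t *pixels;              /* width * height palette indices */
};

/* Constructed sample image descriptors: separator, left, top, width, height, flags. */
static const uint8_t SAMPLE_OK[10]     = {0x2C, 0,0, 0,0, 4,0, 3,0, 0x00};
static const uint8_t SAMPLE_ZERO_W[10] = {0x2C, 0,0, 0,0, 0,0, 3,0, 0x00};
static const uint8_t SAMPLE_ZERO_H[10] = {0x2C, 0,0, 0,0, 4,0, 0,0, 0x00};

/* GIF stores 16-bit fields little-endian. */
static uint16_t le16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* Parse a 10-byte GIF image descriptor and allocate its pixel buffer. */
enum gif_status gif_read_descriptor(const uint8_t *buf, size_t len, struct gif_frame *out)
{
    out->width = out->height = 0;
    out->pixels = NULL;
    if (len < 10) return GIF_TRUNCATED;
    if (buf[0] != 0x2C) return GIF_BAD_SEPARATOR;
    out->width  = le16(buf + 5);
    out->height = le16(buf + 7);
    /* Check 1: reject width * height == 0 before any size is computed. */
    if (out->width == 0 || out->height == 0) return GIF_ZERO_DIMENSION;
    /* Check 2: never use the buffer without testing the allocator's result. */
    out->pixels = calloc(out->width, out->height);
    if (out->pixels == NULL) return GIF_NO_MEMORY;
    return GIF_OK;
}

int main(void)
{
    const uint8_t *samples[] = {SAMPLE_OK, SAMPLE_ZERO_W, SAMPLE_ZERO_H};
    for (size_t i = 0; i < 3; i++) {
        struct gif_frame f;
        enum gif_status st = gif_read_descriptor(samples[i], 10, &f);
        printf("sample %zu: status=%d size=%ux%u\n", i, (int)st, f.width, f.height);
        free(f.pixels);
    }
    return 0;
}
```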
Windows Server 2003 and XP SP2 LAND attack vulnerability
Dejan Levaja reported that Windows Server 2003 and XP SP2 (with Windows Firewall turned off) are vulnerable to the LAND attack.
LAND attack: sending a TCP packet with the SYN flag set, and with the source and destination IP addresses and the source and destination ports all set to those of the destination machine, results in a 15-30 second DoS condition.
More info in SecurityFocus Bugtraq