Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-3236

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2012-3236
Last Modified 05 Dec 2013 12:15:13
Published 12 Jul 2012 05:55:06
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-3236

Summary

fits-io.c in GIMP before 2.8.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a malformed XTENSION header of a .fit file, as demonstrated using a long string.

Vulnerable Systems

Application

  • Gnu Gimp 2.2.0

  • Gnu Gimp 2.3.0

  • Gnu Gimp 2.3.3

  • Gnu Gimp 2.4.0

  • Gnu Gimp 2.5.0

  • Gnu Gimp 2.6.0

  • Gnu Gimp 2.6.11

  • Gnu Gimp 2.6.8

  • Gnu Gimp 2.7.0

  • Gnu Gimp 2.8.0


References

CONFIRM - http://git.gnome.org/browse/gimp/commit/plug-ins/file-fits/fits-io.c?id=ace45631595e8781a1420842582d67160097163c

CONFIRM - https://bugzilla.gnome.org/show_bug.cgi?id=676804

XF - gimp-fit-dos(76658)

BID - 54246

MISC - http://www.reactionpenetrationtesting.co.uk/FIT-file-handling-dos.html

EXPLOIT-DB - 19482

BUGTRAQ - 20120629 GIMP FIT File Format DoS

SUSE - openSUSE-SU-2012:1080

UBUNTU - USN-1559-1

MANDRIVA - MDVSA-2013:082

Related Patches

Novell SUSE 2012:6542 gimp security update for SLED 11 SP1 i586

Novell SUSE 2012:6542 gimp security update for SLED 11 SP1 x86_64

Novell SUSE 2012:8219 gimp security update for SLED 10 SP4 i586

Novell SUSE 2012:8219 gimp security update for SLED 10 SP4 x86_64


Last Updated: 27 May 2016 10:54:52