Your submission was sent successfully! Close

CVE-2012-3236

Published: 29 June 2012

fits-io.c in GIMP before 2.8.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a malformed XTENSION header of a .fit file, as demonstrated using a long string.

Notes

AuthorNote
jdstrand
POC: http://www.reactionpenetrationtesting.co.uk/advisories/vuln.fit
Priority

Low

Status

Package Release Status
gimp
Launchpad, Ubuntu, Debian
hardy Ignored
(reached end-of-life)
lucid
Released (2.6.8-2ubuntu1.5)
natty
Released (2.6.11-1ubuntu6.3)
oneiric
Released (2.6.11-2ubuntu4.1)
precise
Released (2.6.12-1ubuntu1.1)
upstream Needs triage

Patches:
other: http://git.gnome.org/browse/gimp/commit/plug-ins/file-fits/fits-io.c?id=ace45631595e8781a1420842582d67160097163c