CVE-2012-3236

Published: Jul 12, 2012

Modified: Aug 6, 2024

PUBLISHED

Description

fits-io.c in GIMP before 2.8.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a malformed XTENSION header of a .fit file, as demonstrated using a long string.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

USN-1559-1

vendor-advisory

x_refsource_UBUNTU

http://git.gnome.org/browse/gimp/commit/plug-ins/file-fits/fits-io.c?id=ace45631595e8781a1420842582d67160097163c

x_refsource_CONFIRM

19482

exploit

x_refsource_EXPLOIT-DB

http://www.reactionpenetrationtesting.co.uk/FIT-file-handling-dos.html

x_refsource_MISC

gimp-fit-dos(76658)

vdb-entry

x_refsource_XF

20120629 GIMP FIT File Format DoS

mailing-list

x_refsource_BUGTRAQ

MDVSA-2013:082

vendor-advisory

x_refsource_MANDRIVA

https://bugzilla.gnome.org/show_bug.cgi?id=676804

x_refsource_CONFIRM

openSUSE-SU-2012:1080

vendor-advisory

x_refsource_SUSE

54246

vdb-entry

x_refsource_BID

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2012-3236

Description

Affected Products

References