CVE-2012-3236
Published: 29 June 2012
fits-io.c in GIMP before 2.8.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a malformed XTENSION header of a .fit file, as demonstrated using a long string.
Notes
Author | Note |
---|---|
jdstrand | POC: http://www.reactionpenetrationtesting.co.uk/advisories/vuln.fit |
Priority
Status
Package | Release | Status |
---|---|---|
gimp Launchpad, Ubuntu, Debian |
hardy |
Ignored
(end of life)
|
lucid |
Released
(2.6.8-2ubuntu1.5)
|
|
natty |
Released
(2.6.11-1ubuntu6.3)
|
|
oneiric |
Released
(2.6.11-2ubuntu4.1)
|
|
precise |
Released
(2.6.12-1ubuntu1.1)
|
|
upstream |
Needs triage
|
|
Patches: other: http://git.gnome.org/browse/gimp/commit/plug-ins/file-fits/fits-io.c?id=ace45631595e8781a1420842582d67160097163c |