CVE-2012-3236

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 12-07-2012 11:55

Last modified: - 07-02-2022 07:40

Total changes: - 2

Description

fits-io.c in GIMP before 2.8.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a malformed XTENSION header of a .fit file, as demonstrated using a long string.

Common Vulnerability Scoring System (CVSS)

AV:N/AC:M/Au:N/C:N/I:N/A:P

Low

Attack complexity

Network

Attack vector

Low

Availability

None

Confidentiality

None

Integrity

Privileges required

Scope

User interaction

4.3

Base score

8.6

2.9

Exploitability score

Impact score

Verification logic

vendor=gimp AND product=gimp AND versionEndExcluding=2.9.2

Reference

54246-Broken Link, Third Party Advisory, VDB Entry
20120629 GIMP FIT File Format DoS-Broken Link, Exploit
http://www.reactionpenetrationtesting.co.uk/FIT-file-handling-dos.html
http://git.gnome.org/browse/gimp/commit/plug-ins/file-fits/fits-io.c?id=ace45631595e8781a1420842582d67160097163c
https://bugzilla.gnome.org/show_bug.cgi?id=676804
19482-Exploit, Third Party Advisory, VDB Entry
openSUSE-SU-2012:1080-Third Party Advisory
USN-1559-1-Third Party Advisory
MDVSA-2013:082-Broken Link
gimp-fit-dos(76658)-Third Party Advisory, VDB Entry

Keywords

CVE-2012-3236

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2012-3236

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures