Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.3
CVSSv2

CVE-2012-3236

Published: 12/07/2012 Updated: 07/02/2022
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 435
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Subscribe to Gimp

Vulnerability Summary

fits-io.c in GIMP prior to 2.8.1 allows remote malicious users to cause a denial of service (NULL pointer dereference and application crash) via a malformed XTENSION header of a .fit file, as demonstrated using a long string.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

gimp gimp

Vendor Advisories

Ubuntu Security Notice: gimp vulnerabilities
GIMP could be made to crash or run programs as your login if it opened a specially crafted file ...

Exploits

Exploit DB: GIMP 2.8.0 - '.FIT' File Format Denial of Service
Summary ======= There is a file handling DoS in GIMP (the GNU Image Manipulation Program) for the 'fit' file format affecting all versions (Windows and Linux) up to and including 280 A file in the fit format with a malformed 'XTENSION' header will cause a crash in the GIMP program CVE number: CVE-2012-3236 Vendor Homepage: wwwgimpo ...

References

CWE-476http://www.securityfocus.com/bid/54246http://archives.neohapsis.com/archives/bugtraq/2012-06/0192.htmlhttp://www.reactionpenetrationtesting.co.uk/FIT-file-handling-dos.htmlhttp://git.gnome.org/browse/gimp/commit/plug-ins/file-fits/fits-io.c?id=ace45631595e8781a1420842582d67160097163chttps://bugzilla.gnome.org/show_bug.cgi?id=676804http://www.exploit-db.com/exploits/19482http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00000.htmlhttp://www.ubuntu.com/usn/USN-1559-1http://www.mandriva.com/security/advisories?name=MDVSA-2013:082https://exchange.xforce.ibmcloud.com/vulnerabilities/76658https://usn.ubuntu.com/1559-1/https://nvd.nist.govhttps://www.exploit-db.com/exploits/19482/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversalCVE-2024-26978CVE-2024-26982wirelessCVE-2023-6949CVE-2024-26980CVE-2024-32766CVE-2024-26939cache poisoning
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook