[email protected]CVE-2012-3236

HistoryJul 12, 2012 - 9:55 p.m.

CVE-2012-3236

2012-07-1221:55:00

CWE-476

[email protected]

web.nvd.nist.gov

gimp

cve-2012-3236

fits-io.c

denial of service

nvd

6.3 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.008 Low

EPSS

Percentile

81.6%

JSON

fits-io.c in GIMP before 2.8.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a malformed XTENSION header of a .fit file, as demonstrated using a long string.

CPENameOperatorVersion
gimp:gimpgimplt2.9.2

CPE	Name	Operator	Version
gimp:gimp	gimp	lt	2.9.2

References

archives.neohapsis.com/archives/bugtraq/2012-06/0192.html

git.gnome.org/browse/gimp/commit/plug-ins/file-fits/fits-io.c?id=ace45631595e8781a1420842582d67160097163c

lists.opensuse.org/opensuse-security-announce/2012-09/msg00000.html

www.exploit-db.com/exploits/19482

www.mandriva.com/security/advisories?name=MDVSA-2013:082

www.reactionpenetrationtesting.co.uk/FIT-file-handling-dos.html

www.securityfocus.com/bid/54246

www.ubuntu.com/usn/USN-1559-1

bugzilla.gnome.org/show_bug.cgi?id=676804

exchange.xforce.ibmcloud.com/vulnerabilities/76658

6.3 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.008 Low

EPSS

Percentile

81.6%

JSON

Related for CVE-2012-3236

nessus6 debiancve1 prion1 ubuntucve1 exploitpack1 seebug1 exploitdb1 openvas4 securityvulns2 ubuntu1 suse1