Bug 834627 (CVE-2012-3236) - CVE-2012-3236 gimp: NULL pointer deref crash when reading FIT file with crafted XTENSION header
Summary: CVE-2012-3236 gimp: NULL pointer deref crash when reading FIT file with craft...
Keywords:
Status: CLOSED NOTABUG
Alias: CVE-2012-3236
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 836517
Blocks: 834633
TreeView+ depends on / blocked
 
Reported: 2012-06-22 15:47 UTC by Jan Lieskovsky
Modified: 2021-02-23 14:28 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2012-06-29 11:31:32 UTC


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
GNOME Bugzilla 676804 0 None None None 2012-06-22 17:51:00 UTC
Novell 769565 0 None None None 2012-07-02 11:12:44 UTC

Description Jan Lieskovsky 2012-06-22 15:47:15 UTC
A denial of service flaw was found in the way GIMP, GNU Image Manipulation Program, processed certain FIT format files. A remote attacker could provide a FIT format file with specially-crafted value of the 'XTENSION' header that, when opened would cause the gimp executable to crash.

References:
[1] http://www.reactionpenetrationtesting.co.uk/advisories/FIT-handling-DoS.html
[2] http://www.reactionpenetrationtesting.co.uk/advisories/vuln.fit

Comment 3 Jan Lieskovsky 2012-06-22 16:00:02 UTC
Acknowledgements:

Red Hat would like to thank Joseph Sheridan for reporting this issue.

Comment 6 Stefan Cornelius 2012-06-29 11:27:55 UTC
Public now:
http://www.openwall.com/lists/oss-security/2012/06/29/3

Comment 7 Stefan Cornelius 2012-06-29 11:30:22 UTC
Created gimp tracking bugs for this issue

Affects: fedora-all [bug 836517]

Comment 8 Stefan Cornelius 2012-06-29 11:31:10 UTC
Statement:

We do not consider a user-assisted crash of a client application such as Gimp to be a security issue.


Note You need to log in before you can comment on or make changes to this bug.