CVE-2012-3236

Related Files

Mandriva Linux Security Advisory 2013-082

Posted Apr 10, 2013

Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-082 - An integer overflow flaw, leading to a heap-based buffer overflow, was found in the GIMP's GIF image format plug-in. An attacker could create a specially-crafted GIF image file that, when opened, could cause the GIF plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. A heap-based buffer overflow flaw was found in the GIMP's KiSS CEL file format plug-in. An attacker could create a specially-crafted KiSS palette file that, when opened, could cause the CEL plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. fits-io.c in GIMP before 2.8.1 allows remote attackers to cause a denial of service via a malformed XTENSION header of a.fit file, as demonstrated using a long string.GIMP 2.8.2 and earlier is vulnerable to memory corruption when reading XWD files, which could lead even to arbitrary code execution. Additionally it fixes partial translations in several languages. This gimp update provides the stable maintenance release 2.8.2 which fixes the above security issues.

tags | advisory, remote, denial of service, overflow, arbitrary, code execution

systems | linux, mandriva

advisories | CVE-2012-3481, CVE-2012-3403, CVE-2012-3236, CVE-2012-5576

SHA-256 | 5eaae2aec299f35149b65e15fa71b0de901e1c8a4e1982ea1ee6034c3c19b62e

Download | Favorite | View

Ubuntu Security Notice USN-1559-1

Posted Sep 10, 2012

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1559-1 - Joseph Sheridan discovered that GIMP incorrectly handled certain malformed headers in FIT files. If a user were tricked into opening a specially crafted FIT image file, an attacker could cause GIMP to crash. Murray McAllister discovered that GIMP incorrectly handled malformed KiSS palette files. If a user were tricked into opening a specially crafted KiSS palette file, an attacker could cause GIMP to crash, or possibly execute arbitrary code with the user's privileges. Various other issues were also addressed.

tags | advisory, arbitrary

systems | linux, ubuntu

advisories | CVE-2012-3236, CVE-2012-3403, CVE-2012-3481, CVE-2012-3236, CVE-2012-3403, CVE-2012-3481

SHA-256 | 424758cfe93d12a6c3cbc07557e8d64b2fd4af1f52d8a7be6d7a538b7429cd20

Download | Favorite | View

GIMP 2.8.0 Denial Of Service

Posted Jun 29, 2012

Authored by Joseph Sheridan | Site reactionpenetrationtesting.co.uk

There is a file handling denial of service in GIMP (the GNU Image Manipulation Program) for the 'fit' file format affecting all versions (Windows and Linux) up to 2.8.0. A file in the fit format with a malformed 'XTENSION' header will cause a crash in the GIMP program. The flaw is triggered by opening a crafted 'fit' file or allowing the file explorer dialog to preview the file. Proof of concept included.

tags | exploit, denial of service, proof of concept

systems | linux, windows

advisories | CVE-2012-3236

SHA-256 | 0341418c409c2905c278b5539d3f0236be8f96cdfce5f9140782b205443ab209

Download | Favorite | View