| Summary: | <media-gfx/gimp-2.6.12-r5: DoS via .fit files (CVE-2012-3236) | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | GLSAMaker/CVETool Bot <glsamaker> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | normal | CC: | hanno |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3236 | ||
| Whiteboard: | B3 [noglsa] | ||
| Package list: | Runtime testing required: | --- | |
| Bug Depends on: | 434580 | ||
| Bug Blocks: | |||
|
Description
GLSAMaker/CVETool Bot
2012-07-30 20:52:48 UTC
(In reply to comment #0) > CVE-2012-3236 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3236): > fits-io.c in GIMP before 2.8.1 allows remote attackers to cause a denial of > service (NULL pointer dereference and application crash) via a malformed > XTENSION header of a .fit file, as demonstrated using a long string. > > > Looking at the upstream commit [1], the 2.6 branch also appears to be > affected. Sorry, copy/paste malfunction. [1] http://git.gnome.org/browse/gimp/commit/plug-ins/file-fits/fits-io.c?id=ace45631595e8781a1420842582d67160097163c +*gimp-2.6.12-r5 (22 Sep 2012) + + 22 Sep 2012; Sebastian Pipping <sping@gentoo.org> +gimp-2.6.12-r5.ebuild, + +files/gimp-2.6.12-CVE-2012-3236.patch: + Apply upstream patch for CVE-2012-3236 (bug #428708) + Thanks, Sebastian. GLSA vote: no. Thanks, folks. GLSA Vote: no too, closing noglsa. |
