fits-io.c in GIMP before 2.8.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a malformed XTENSION header of a .fit file, as demonstrated using a long string.

The remote Solaris system is missing necessary patches to address security updates :

  - fits-io.c in GIMP before 2.8.1 allows remote attackers     to cause a denial of service (NULL pointer dereference     and application crash) via a malformed XTENSION header     of a .fit file, as demonstrated using a long string.
    (CVE-2012-3236)

Multiple integer overflows in various decoder plug-ins of GIMP have been fixed.

Updated gimp packages fix security vulnerabilities :

An integer overflow flaw, leading to a heap-based buffer overflow, was found in the GIMP's GIF image format plug-in. An attacker could create a specially crafted GIF image file that, when opened, could cause the GIF plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP (CVE-2012-3481).

A heap-based buffer overflow flaw was found in the GIMP's KiSS CEL file format plug-in. An attacker could create a specially crafted KiSS palette file that, when opened, could cause the CEL plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP (CVE-2012-3403).

fits-io.c in GIMP before 2.8.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a malformed XTENSION header of a .fit file, as demonstrated using a long string. (CVE-2012-3236)

GIMP 2.8.2 and earlier is vulnerable to memory corruption when reading XWD files, which could lead even to arbitrary code execution (CVE-2012-5576).

Additionally it fixes partial translations in several languages.

This gimp update provides the stable maintenance release 2.8.2 which fixes the above security issues.

This update of Gimp fixed a remotely exploitable buffer overflow in Script-Fu's server component as well as a NULL pointer dereference flaw in the fit format handler.

Joseph Sheridan discovered that GIMP incorrectly handled certain malformed headers in FIT files. If a user were tricked into opening a specially crafted FIT image file, an attacker could cause GIMP to crash. (CVE-2012-3236)

Murray McAllister discovered that GIMP incorrectly handled malformed KiSS palette files. If a user were tricked into opening a specially crafted KiSS palette file, an attacker could cause GIMP to crash, or possibly execute arbitrary code with the user's privileges.
(CVE-2012-3403)

Matthias Weckbecker discovered that GIMP incorrectly handled malformed GIF image files. If a user were tricked into opening a specially crafted GIF image file, an attacker could cause GIMP to crash, or possibly execute arbitrary code with the user's privileges.
(CVE-2012-3481).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update of Gimp fixed a NULL pointer dereference flaw in the fit format handler.

ID	Name	Product	Family	Severity
80620	Oracle Solaris Third-Party Patch Update : gimp (cve_2012_3236_buffer_overflow)	Nessus	Solaris Local Security Checks	medium
74735	openSUSE Security Update : gimp (openSUSE-SU-2012:1080-1)	Nessus	SuSE Local Security Checks	high
66096	Mandriva Linux Security Advisory : gimp (MDVSA-2013:082)	Nessus	Mandriva Local Security Checks	high
64147	SuSE 11.1 Security Update : Gimp (SAT Patch Number 6542)	Nessus	SuSE Local Security Checks	high
62037	Ubuntu 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : gimp vulnerabilities (USN-1559-1)	Nessus	Ubuntu Local Security Checks	medium
61453	SuSE 10 Security Update : Gimp (ZYPP Patch Number 8219)	Nessus	SuSE Local Security Checks	medium

Detections

Analytics

CVE-2012-3236

high

Tenable Plugins

medium

high

high

high

medium

medium