Oracle Solaris Third-Party Patch Update : gimp (cve_2012_3236_buffer_overflow)
Medium Nessus Plugin ID 80620
SynopsisThe remote Solaris system is missing a security patch for third-party software.
DescriptionThe remote Solaris system is missing necessary patches to address security updates :
- fits-io.c in GIMP before 2.8.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a malformed XTENSION header of a .fit file, as demonstrated using a long string.
SolutionUpgrade to Solaris 11/11 SRU 11.4.