
GIMP 'fit' File Format Denial of Service Vulnerability

http://www.securityfocus.com/bid/54246

Security Info

Bugtraq ID: 54246
Class: Failure to Handle Exceptional Conditions
CVE: CVE-2012-3236
Remote: Yes
Local: No
Published: Jun 29 2012 12:00AM
Updated: Jun 29 2012 12:00AM
Credit: Joseph Sheridan
Vulnerable: GIMP GIMP 2.6.7
GIMP GIMP 2.6.6
GIMP GIMP 2.4.6
GIMP GIMP 2.3.14
GIMP GIMP 2.3.10
GIMP GIMP 2.3.9
GIMP GIMP 2.2.17
GIMP GIMP 2.2.16
GIMP GIMP 2.2.15
GIMP GIMP 2.2.14
GIMP GIMP 2.2.12
GIMP GIMP 2.2.11
GIMP GIMP 2.2.8
GIMP GIMP 2.2.6
GIMP GIMP 2.2.4
GIMP GIMP 1.2.5
GIMP GIMP 2.8.0
GIMP GIMP 2.6.12
GIMP GIMP 2.6.11
Not Vulnerable:

Security Discussion

GIMP is prone to a denial-of-service vulnerability.

An attacker can exploit this issue to cause the application to crash, resulting in a denial-of-service condition.

GIMP 2.8.0 and prior are vulnerable.

Proof of Concept and Security Exploits

Exploit code is available. Please see the references for more information.

Security Solution(s)

Solution:
Vendor updates are available. Please see the references for more information.

Security Reference(s)

References:

Site Updated May 22, 2013
©2000-2013 Emagined Security
All Rights Reserved