Full Disclosure mailing list archives
Re: GIMP FIT File Format DoS
From: "Morris, Patrick" <patrick.morris () hp com>
Date: Fri, 29 Jun 2012 21:45:39 +0000
-----Original Message----- From: Joseph Sheridan [mailto:joe () reactionis com] Sent: Friday, June 29, 2012 3:56 AM To: 'full-disclosure'; 'bugtraq'; secalert () securityreason com; bugs () securitytracker com; 'vuln'; vuln () security nnov ru; news () securiteam com; moderators () osvdb org; submissions () packetstormsecurity org; submit () cxsecurity com; oss- security () lists openwall com; bugs () securitytracker com Subject: GIMP FIT File Format DoS Summary ======= There is a file handling DoS in GIMP (the GNU Image Manipulation Program) for the 'fit' file format affecting all versions (Windows and Linux) up to and including 2.8.0. A file in the fit format with a malformed 'XTENSION' header will cause a crash in the GIMP program.
Is a crash in a single-user program really a security vulnerability? I could understand if there was evidence that this could lead to privilege escalation or other actual security issue, but this sounds like a garden-variety crash bug to me.
Attachment:
smime.p7s
Description:
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- GIMP FIT File Format DoS Joseph Sheridan (Jul 02)
- Re: GIMP FIT File Format DoS Morris, Patrick (Jul 02)
- Re: [oss-security] RE: GIMP FIT File Format DoS Benji (Jul 02)
- Re: [oss-security] RE: GIMP FIT File Format DoS taha (Jul 03)
- Re: [oss-security] RE: GIMP FIT File Format DoS Benji (Jul 02)
- Re: GIMP FIT File Format DoS Morris, Patrick (Jul 02)