Vulnerabilities > CVE-2012-3236 - NULL Pointer Dereference vulnerability in Gimp
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
fits-io.c in GIMP before 2.8.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a malformed XTENSION header of a .fit file, as demonstrated using a long string.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Exploit-Db
| description | GIMP 2.8.0 FIT File Format DoS. CVE-2012-3236. Dos exploits for multiple platform |
| file | exploits/multiple/dos/19482.txt |
| id | EDB-ID:19482 |
| last seen | 2016-02-02 |
| modified | 2012-06-30 |
| platform | multiple |
| port | |
| published | 2012-06-30 |
| reporter | Joseph Sheridan |
| source | https://www.exploit-db.com/download/19482/ |
| title | GIMP 2.8.0 FIT File Format DoS |
| type | dos |
Nessus
NASL family SuSE Local Security Checks NASL id SUSE_11_GIMP-120713.NASL description This update of Gimp fixed a remotely exploitable buffer overflow in Script-Fu last seen 2020-06-05 modified 2013-01-25 plugin id 64147 published 2013-01-25 reporter This script is Copyright (C) 2013-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/64147 title SuSE 11.1 Security Update : Gimp (SAT Patch Number 6542) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SuSE 11 update information. The text itself is # copyright (C) Novell, Inc. # include("compat.inc"); if (description) { script_id(64147); script_version("1.3"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2012-2763", "CVE-2012-3236"); script_name(english:"SuSE 11.1 Security Update : Gimp (SAT Patch Number 6542)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote SuSE 11 host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "This update of Gimp fixed a remotely exploitable buffer overflow in Script-Fu's server component as well as a NULL pointer dereference flaw in the fit format handler." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=763595" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=769565" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2012-2763.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2012-3236.html" ); script_set_attribute(attribute:"solution", value:"Apply SAT patch number 6542."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'GIMP script-fu Server Buffer Overflow'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:gimp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:gimp-lang"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:gimp-plugins-python"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11"); script_set_attribute(attribute:"patch_publication_date", value:"2012/07/13"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/01/25"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2020 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release !~ "^(SLED|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11"); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu); pl = get_kb_item("Host/SuSE/patchlevel"); if (isnull(pl) || int(pl) != 1) audit(AUDIT_OS_NOT, "SuSE 11.1"); flag = 0; if (rpm_check(release:"SLED11", sp:1, cpu:"i586", reference:"gimp-2.6.2-3.34.35.1")) flag++; if (rpm_check(release:"SLED11", sp:1, cpu:"i586", reference:"gimp-lang-2.6.2-3.34.35.1")) flag++; if (rpm_check(release:"SLED11", sp:1, cpu:"i586", reference:"gimp-plugins-python-2.6.2-3.34.35.1")) flag++; if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"gimp-2.6.2-3.34.35.1")) flag++; if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"gimp-lang-2.6.2-3.34.35.1")) flag++; if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"gimp-plugins-python-2.6.2-3.34.35.1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2013-082.NASL description Updated gimp packages fix security vulnerabilities : An integer overflow flaw, leading to a heap-based buffer overflow, was found in the GIMP last seen 2020-06-01 modified 2020-06-02 plugin id 66096 published 2013-04-20 reporter This script is Copyright (C) 2013-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/66096 title Mandriva Linux Security Advisory : gimp (MDVSA-2013:082) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Mandriva Linux Security Advisory MDVSA-2013:082. # The text itself is copyright (C) Mandriva S.A. # include("compat.inc"); if (description) { script_id(66096); script_version("1.7"); script_cvs_date("Date: 2019/08/02 13:32:55"); script_cve_id("CVE-2012-3236", "CVE-2012-3403", "CVE-2012-3481", "CVE-2012-5576"); script_bugtraq_id(54246, 55101, 56647); script_xref(name:"MDVSA", value:"2013:082"); script_xref(name:"MGASA", value:"2012-0236"); script_xref(name:"MGASA", value:"2012-0286"); script_xref(name:"MGASA", value:"2012-0360"); script_name(english:"Mandriva Linux Security Advisory : gimp (MDVSA-2013:082)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Mandriva Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated gimp packages fix security vulnerabilities : An integer overflow flaw, leading to a heap-based buffer overflow, was found in the GIMP's GIF image format plug-in. An attacker could create a specially crafted GIF image file that, when opened, could cause the GIF plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP (CVE-2012-3481). A heap-based buffer overflow flaw was found in the GIMP's KiSS CEL file format plug-in. An attacker could create a specially crafted KiSS palette file that, when opened, could cause the CEL plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP (CVE-2012-3403). fits-io.c in GIMP before 2.8.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a malformed XTENSION header of a .fit file, as demonstrated using a long string. (CVE-2012-3236) GIMP 2.8.2 and earlier is vulnerable to memory corruption when reading XWD files, which could lead even to arbitrary code execution (CVE-2012-5576). Additionally it fixes partial translations in several languages. This gimp update provides the stable maintenance release 2.8.2 which fixes the above security issues." ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:gimp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:gimp-python"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64gimp2.0-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64gimp2.0_0"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:business_server:1"); script_set_attribute(attribute:"patch_publication_date", value:"2013/04/09"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/04/20"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2019 Tenable Network Security, Inc."); script_family(english:"Mandriva Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux"); if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu); flag = 0; if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"gimp-2.8.2-1.mbs1")) flag++; if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"gimp-python-2.8.2-1.mbs1")) flag++; if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"lib64gimp2.0-devel-2.8.2-1.mbs1")) flag++; if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"lib64gimp2.0_0-2.8.2-1.mbs1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family SuSE Local Security Checks NASL id SUSE_GIMP-8219.NASL description This update of Gimp fixed a NULL pointer dereference flaw in the fit format handler. last seen 2020-06-05 modified 2012-08-08 plugin id 61453 published 2012-08-08 reporter This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/61453 title SuSE 10 Security Update : Gimp (ZYPP Patch Number 8219) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The text description of this plugin is (C) Novell, Inc. # include("compat.inc"); if (description) { script_id(61453); script_version("1.3"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2012-3236"); script_name(english:"SuSE 10 Security Update : Gimp (ZYPP Patch Number 8219)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote SuSE 10 host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "This update of Gimp fixed a NULL pointer dereference flaw in the fit format handler." ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2012-3236.html" ); script_set_attribute(attribute:"solution", value:"Apply ZYPP patch number 8219."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux"); script_set_attribute(attribute:"vuln_publication_date", value:"2012/07/12"); script_set_attribute(attribute:"patch_publication_date", value:"2012/07/16"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/08"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled."); if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE."); if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages."); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) exit(1, "Failed to determine the architecture type."); if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 10 on the '"+cpu+"' architecture have not been implemented."); flag = 0; if (rpm_check(release:"SLED10", sp:4, reference:"gimp-2.2.10-22.42.1")) flag++; if (rpm_check(release:"SLED10", sp:4, reference:"gimp-devel-2.2.10-22.42.1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else exit(0, "The host is not affected.");NASL family SuSE Local Security Checks NASL id OPENSUSE-2012-543.NASL description Multiple integer overflows in various decoder plug-ins of GIMP have been fixed. last seen 2020-06-05 modified 2014-06-13 plugin id 74735 published 2014-06-13 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/74735 title openSUSE Security Update : gimp (openSUSE-SU-2012:1080-1) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2012-543. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(74735); script_version("1.5"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2012-2763", "CVE-2012-3236", "CVE-2012-3403", "CVE-2012-3481"); script_name(english:"openSUSE Security Update : gimp (openSUSE-SU-2012:1080-1)"); script_summary(english:"Check for the openSUSE-2012-543 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "Multiple integer overflows in various decoder plug-ins of GIMP have been fixed." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=724628" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=763595" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=769565" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=775433" ); script_set_attribute( attribute:"see_also", value:"https://lists.opensuse.org/opensuse-updates/2012-09/msg00001.html" ); script_set_attribute(attribute:"solution", value:"Update the affected gimp packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'GIMP script-fu Server Buffer Overflow'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gimp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gimp-branding-upstream"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gimp-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gimp-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gimp-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gimp-devel-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gimp-help-browser"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gimp-help-browser-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gimp-lang"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gimp-plugins-python"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gimp-plugins-python-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libgimp-2_0-0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libgimp-2_0-0-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libgimp-2_0-0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libgimp-2_0-0-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libgimpui-2_0-0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libgimpui-2_0-0-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libgimpui-2_0-0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libgimpui-2_0-0-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:12.1"); script_set_attribute(attribute:"vuln_publication_date", value:"2012/07/12"); script_set_attribute(attribute:"patch_publication_date", value:"2012/08/27"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE12\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "12.1", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE12.1", reference:"gimp-2.6.11-28.26.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"gimp-branding-upstream-2.6.11-28.26.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"gimp-debuginfo-2.6.11-28.26.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"gimp-debugsource-2.6.11-28.26.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"gimp-devel-2.6.11-28.26.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"gimp-devel-debuginfo-2.6.11-28.26.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"gimp-help-browser-2.6.11-28.26.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"gimp-help-browser-debuginfo-2.6.11-28.26.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"gimp-lang-2.6.11-28.26.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"gimp-plugins-python-2.6.11-28.26.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"gimp-plugins-python-debuginfo-2.6.11-28.26.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"libgimp-2_0-0-2.6.11-28.26.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"libgimp-2_0-0-debuginfo-2.6.11-28.26.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"libgimpui-2_0-0-2.6.11-28.26.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"libgimpui-2_0-0-debuginfo-2.6.11-28.26.1") ) flag++; if ( rpm_check(release:"SUSE12.1", cpu:"x86_64", reference:"libgimp-2_0-0-32bit-2.6.11-28.26.1") ) flag++; if ( rpm_check(release:"SUSE12.1", cpu:"x86_64", reference:"libgimp-2_0-0-debuginfo-32bit-2.6.11-28.26.1") ) flag++; if ( rpm_check(release:"SUSE12.1", cpu:"x86_64", reference:"libgimpui-2_0-0-32bit-2.6.11-28.26.1") ) flag++; if ( rpm_check(release:"SUSE12.1", cpu:"x86_64", reference:"libgimpui-2_0-0-debuginfo-32bit-2.6.11-28.26.1") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gimp"); }NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-1559-1.NASL description Joseph Sheridan discovered that GIMP incorrectly handled certain malformed headers in FIT files. If a user were tricked into opening a specially crafted FIT image file, an attacker could cause GIMP to crash. (CVE-2012-3236) Murray McAllister discovered that GIMP incorrectly handled malformed KiSS palette files. If a user were tricked into opening a specially crafted KiSS palette file, an attacker could cause GIMP to crash, or possibly execute arbitrary code with the user last seen 2020-06-01 modified 2020-06-02 plugin id 62037 published 2012-09-11 reporter Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/62037 title Ubuntu 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : gimp vulnerabilities (USN-1559-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-1559-1. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(62037); script_version("1.8"); script_cvs_date("Date: 2019/09/19 12:54:28"); script_cve_id("CVE-2012-3236", "CVE-2012-3403", "CVE-2012-3481"); script_bugtraq_id(54246, 55101); script_xref(name:"USN", value:"1559-1"); script_name(english:"Ubuntu 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : gimp vulnerabilities (USN-1559-1)"); script_summary(english:"Checks dpkg output for updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Ubuntu host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "Joseph Sheridan discovered that GIMP incorrectly handled certain malformed headers in FIT files. If a user were tricked into opening a specially crafted FIT image file, an attacker could cause GIMP to crash. (CVE-2012-3236) Murray McAllister discovered that GIMP incorrectly handled malformed KiSS palette files. If a user were tricked into opening a specially crafted KiSS palette file, an attacker could cause GIMP to crash, or possibly execute arbitrary code with the user's privileges. (CVE-2012-3403) Matthias Weckbecker discovered that GIMP incorrectly handled malformed GIF image files. If a user were tricked into opening a specially crafted GIF image file, an attacker could cause GIMP to crash, or possibly execute arbitrary code with the user's privileges. (CVE-2012-3481). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://usn.ubuntu.com/1559-1/" ); script_set_attribute(attribute:"solution", value:"Update the affected gimp package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:gimp"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:10.04:-:lts"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:11.04"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:11.10"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.04:-:lts"); script_set_attribute(attribute:"vuln_publication_date", value:"2012/07/12"); script_set_attribute(attribute:"patch_publication_date", value:"2012/09/10"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/09/11"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("misc_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! preg(pattern:"^(10\.04|11\.04|11\.10|12\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 10.04 / 11.04 / 11.10 / 12.04", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); flag = 0; if (ubuntu_check(osver:"10.04", pkgname:"gimp", pkgver:"2.6.8-2ubuntu1.5")) flag++; if (ubuntu_check(osver:"11.04", pkgname:"gimp", pkgver:"2.6.11-1ubuntu6.3")) flag++; if (ubuntu_check(osver:"11.10", pkgname:"gimp", pkgver:"2.6.11-2ubuntu4.1")) flag++; if (ubuntu_check(osver:"12.04", pkgname:"gimp", pkgver:"2.6.12-1ubuntu1.1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gimp"); }NASL family Solaris Local Security Checks NASL id SOLARIS11_GIMP_20121009.NASL description The remote Solaris system is missing necessary patches to address security updates : - fits-io.c in GIMP before 2.8.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a malformed XTENSION header of a .fit file, as demonstrated using a long string. (CVE-2012-3236) last seen 2020-06-01 modified 2020-06-02 plugin id 80620 published 2015-01-19 reporter This script is Copyright (C) 2015-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/80620 title Oracle Solaris Third-Party Patch Update : gimp (cve_2012_3236_buffer_overflow) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from the Oracle Third Party software advisories. # include("compat.inc"); if (description) { script_id(80620); script_version("1.2"); script_cvs_date("Date: 2018/11/15 20:50:24"); script_cve_id("CVE-2012-3236"); script_name(english:"Oracle Solaris Third-Party Patch Update : gimp (cve_2012_3236_buffer_overflow)"); script_summary(english:"Check for the 'entire' version."); script_set_attribute( attribute:"synopsis", value: "The remote Solaris system is missing a security patch for third-party software." ); script_set_attribute( attribute:"description", value: "The remote Solaris system is missing necessary patches to address security updates : - fits-io.c in GIMP before 2.8.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a malformed XTENSION header of a .fit file, as demonstrated using a long string. (CVE-2012-3236)" ); # https://www.oracle.com/technetwork/topics/security/thirdparty-patch-map-1482893.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?4a913f44" ); # https://blogs.oracle.com/sunsecurity/cve-2012-3236-buffer-overflow-vulnerability-in-gimp script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?a19c29df" ); script_set_attribute(attribute:"solution", value:"Upgrade to Solaris 11/11 SRU 11.4."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:solaris:11.0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:gimp"); script_set_attribute(attribute:"patch_publication_date", value:"2012/10/09"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/01/19"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc."); script_family(english:"Solaris Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Solaris11/release", "Host/Solaris11/pkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("solaris.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Solaris11/release"); if (isnull(release)) audit(AUDIT_OS_NOT, "Solaris11"); pkg_list = solaris_pkg_list_leaves(); if (isnull (pkg_list)) audit(AUDIT_PACKAGE_LIST_MISSING, "Solaris pkg-list packages"); if (empty_or_null(egrep(string:pkg_list, pattern:"^gimp$"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, "gimp"); flag = 0; if (solaris_check_release(release:"0.5.11-0.175.0.11.0.4.1", sru:"SRU 11.4") > 0) flag++; if (flag) { error_extra = 'Affected package : gimp\n' + solaris_get_report2(); error_extra = ereg_replace(pattern:"version", replace:"OS version", string:error_extra); if (report_verbosity > 0) security_warning(port:0, extra:error_extra); else security_warning(0); exit(0); } else audit(AUDIT_PACKAGE_NOT_AFFECTED, "gimp");
Seebug
| bulletinFamily | exploit |
| description | No description provided by source. |
| id | SSV:73405 |
| last seen | 2017-11-19 |
| modified | 2014-07-01 |
| published | 2014-07-01 |
| reporter | Root |
| source | https://www.seebug.org/vuldb/ssvid-73405 |
| title | GIMP 2.8.0 FIT File Format DoS |
References
- http://www.securityfocus.com/bid/54246
- http://archives.neohapsis.com/archives/bugtraq/2012-06/0192.html
- http://www.reactionpenetrationtesting.co.uk/FIT-file-handling-dos.html
- http://git.gnome.org/browse/gimp/commit/plug-ins/file-fits/fits-io.c?id=ace45631595e8781a1420842582d67160097163c
- https://bugzilla.gnome.org/show_bug.cgi?id=676804
- http://www.exploit-db.com/exploits/19482
- http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00000.html
- http://www.ubuntu.com/usn/USN-1559-1
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:082
- https://exchange.xforce.ibmcloud.com/vulnerabilities/76658