[prev in list] [next in list] [prev in thread] [next in thread] 

List:       full-disclosure
Subject:    Re: [Full-disclosure] GIMP FIT File Format DoS
From:       "Morris, Patrick" <patrick.morris () hp ! com>
Date:       2012-06-29 21:45:39
Message-ID: B70713EB4E55C84C963B37DE9E63011B50DBD6C6 () G4W3223 ! americas ! hpqcorp ! net
[Download RAW message or body]

> -----Original Message-----
> From: Joseph Sheridan [mailto:joe@reactionis.com]
> Sent: Friday, June 29, 2012 3:56 AM
> To: 'full-disclosure'; 'bugtraq'; secalert@securityreason.com;
> bugs@securitytracker.com; 'vuln'; vuln@security.nnov.ru;
> news@securiteam.com; moderators@osvdb.org;
> submissions@packetstormsecurity.org; submit@cxsecurity.com; oss-
> security@lists.openwall.com; bugs@securitytracker.com
> Subject: GIMP FIT File Format DoS
>
> Summary
> =======
>
> There is a file handling DoS in GIMP (the GNU Image Manipulation
> Program) for
> the 'fit' file format affecting all versions (Windows and Linux) up to
> and
> including 2.8.0. A file in the fit format with a malformed 'XTENSION'
> header
> will cause a crash in the GIMP program.

Is a crash in a single-user program really a security vulnerability? I could 
understand if there was evidence that this could lead to privilege escalation 
or other actual security issue, but this sounds like a garden-variety crash 
bug to me.

["smime.p7s" (application/x-pkcs7-signature)]

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
--===============0950512897==--


[prev in list] [next in list] [prev in thread] [next in thread]