Full Disclosure mailing list archives
Re: [oss-security] RE: GIMP FIT File Format DoS
From: Benji <me () b3nji com>
Date: Sat, 30 Jun 2012 10:14:37 +0100
hey! let them having something to add to CV! Stop be fun police! Everyone know security isn't actually about security, just make CV look super cool.

On Fri, Jun 29, 2012 at 10:45 PM, Morris, Patrick <patrick.morris () hp com> wrote:

-----Original Message-----
From: Joseph Sheridan [mailto:joe () reactionis com]
Sent: Friday, June 29, 2012 3:56 AM
To: 'full-disclosure'; 'bugtraq'; secalert () securityreason com; bugs () securitytracker com; 'vuln'; vuln () security nnov ru; news () securiteam com; moderators () osvdb org; submissions () packetstormsecurity org; submit () cxsecurity com; oss-security () lists openwall com; bugs () securitytracker com
Subject: GIMP FIT File Format DoS

Summary
=======
There is a file handling DoS in GIMP (the GNU Image Manipulation Program) for the 'fit' file format affecting all versions (Windows and Linux) up to and including 2.8.0. A file in the fit format with a malformed 'XTENSION' header will cause a crash in the GIMP program.

Is a crash in a single-user program really a security vulnerability? I could understand if there was evidence that this could lead to privilege escalation or other actual security issue, but this sounds like a garden-variety crash bug to me.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/