> -----Original Message----- > From: Joseph Sheridan [mailto:joe@xxxxxxxxxxxxxx] > Sent: Friday, June 29, 2012 3:56 AM > To: 'full-disclosure'; 'bugtraq'; secalert@xxxxxxxxxxxxxxxxxx; > bugs@xxxxxxxxxxxxxxxxxxx; 'vuln'; vuln@xxxxxxxxxxxxxxxx; > news@xxxxxxxxxxxxxx; moderators@xxxxxxxxx; > submissions@xxxxxxxxxxxxxxxxxxxxxxx; submit@xxxxxxxxxxxxxx; oss- > security@xxxxxxxxxxxxxxxxxx; bugs@xxxxxxxxxxxxxxxxxxx > Subject: GIMP FIT File Format DoS > > Summary > ======= > > There is a file handling DoS in GIMP (the GNU Image Manipulation > Program) for > the 'fit' file format affecting all versions (Windows and Linux) up to > and > including 2.8.0. A file in the fit format with a malformed 'XTENSION' > header > will cause a crash in the GIMP program. Is a crash in a single-user program really a security vulnerability? I could understand if there was evidence that this could lead to privilege escalation or other actual security issue, but this sounds like a garden-variety crash bug to me.
Attachment:
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/