VulnerableCode Vulnerability Details - VCID-x2ak-3139-tucx

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-x2ak-3139-tucx

Essentials
Severities (3)
References (6)
Severity details (0)
Exploits (1)
EPSS
History (1)

Vulnerability ID	VCID-x2ak-3139-tucx
Aliases	CVE-2012-3236
Summary	fits-io.c in GIMP before 2.8.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a malformed XTENSION header of a .fit file, as demonstrated using a long string.
Status	Published
Exploitability	2.0
Weighted Severity	0.1
Risk	0.2
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-476

NULL Pointer Dereference

System	Score	Found at
epss	0.10077	https://api.first.org/data/v1/epss?cve=CVE-2012-3236
epss	0.10077	https://api.first.org/data/v1/epss?cve=CVE-2012-3236
epss	0.10077	https://api.first.org/data/v1/epss?cve=CVE-2012-3236

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3236.json
		https://api.first.org/data/v1/epss?cve=CVE-2012-3236
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3236
834627		https://bugzilla.redhat.com/show_bug.cgi?id=834627
CVE-2012-3236;OSVDB-83634	Exploit	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/19482.txt
USN-1559-1		https://usn.ubuntu.com/1559-1/

Data source	Exploit-DB
Date added	June 30, 2012
Description	GIMP 2.8.0 - '.FIT' File Format Denial of Service
Ransomware campaign use	Unknown
Source publication date	June 30, 2012
Exploit type	dos
Platform	multiple
Source update date	June 30, 2012

There are no known vectors.

Exploit Prediction Scoring System (EPSS)

Percentile	0.93248
EPSS Score	0.10077
Published At	June 11, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-06-11T20:24:44.380834+00:00	Debian Oval Importer	Import	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.6.0