Launchpad.net

CVE 2012-3236

fits-io.c in GIMP before 2.8.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a malformed XTENSION header of a .fit file, as demonstrated using a long string.

See the CVE page on Mitre.org for more details.