Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 6.8
CVE Id CVE-2011-1178
Last Modified 14 May 2013 11:17:03
Published 06 Jun 2011 03:55:01
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2011-1178

Summary

Multiple integer overflows in the load_image function in file-pcx.c in the Personal Computer Exchange (PCX) plugin in GIMP 2.6.x and earlier allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PCX image that triggers a heap-based buffer overflow.

Vulnerable Systems

Application

  • Gnu Gimp 1.0.4

  • Gnu Gimp 1.2.5

  • Gnu Gimp 2.0.0

  • Gnu Gimp 2.0.1

  • Gnu Gimp 2.0.2

  • Gnu Gimp 2.0.3

  • Gnu Gimp 2.0.4

  • Gnu Gimp 2.0.5

  • Gnu Gimp 2.0.6

  • Gnu Gimp 2.2.0

  • Gnu Gimp 2.2.1

  • Gnu Gimp 2.2.10

  • Gnu Gimp 2.2.11

  • Gnu Gimp 2.2.12

  • Gnu Gimp 2.2.13

  • Gnu Gimp 2.2.14

  • Gnu Gimp 2.2.15

  • Gnu Gimp 2.2.16

  • Gnu Gimp 2.2.17

  • Gnu Gimp 2.2.2

  • Gnu Gimp 2.2.3

  • Gnu Gimp 2.2.4

  • Gnu Gimp 2.2.5

  • Gnu Gimp 2.2.6

  • Gnu Gimp 2.2.7

  • Gnu Gimp 2.2.8

  • Gnu Gimp 2.2.9

  • Gnu Gimp 2.4.0

  • Gnu Gimp 2.4.1

  • Gnu Gimp 2.4.2

  • Gnu Gimp 2.4.3

  • Gnu Gimp 2.4.4

  • Gnu Gimp 2.4.5

  • Gnu Gimp 2.4.6

  • Gnu Gimp 2.4.7

  • Gnu Gimp 2.6.0

  • Gnu Gimp 2.6.1

  • Gnu Gimp 2.6.10

  • Gnu Gimp 2.6.11

  • Gnu Gimp 2.6.2

  • Gnu Gimp 2.6.3

  • Gnu Gimp 2.6.4

  • Gnu Gimp 2.6.5

  • Gnu Gimp 2.6.6

  • Gnu Gimp 2.6.7

  • Gnu Gimp 2.6.8

  • Gnu Gimp 2.6.9


References

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=689831

CONFIRM - http://git.gnome.org/browse/gimp/commit/?id=a9671395f6573e90316a9d748588c5435216f6ce

XF - gimp-pcximage-bo(67787)

BID - 48057

REDHAT - RHSA-2011:0838

REDHAT - RHSA-2011:0837

MANDRIVA - MDVSA-2011:110

SECTRACK - 1025586

GENTOO - GLSA-201209-23

SECUNIA - 50737


Last Updated: 27 May 2016 11:02:24