CVE-2011-1178
Published: 6 June 2011
Multiple integer overflows in the load_image function in file-pcx.c in the Personal Computer Exchange (PCX) plugin in GIMP 2.6.x and earlier allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PCX image that triggers a heap-based buffer overflow.
Notes
| Author | Note |
|---|---|
| mdeslaur | upstream commits are from 2009, so already included in lucid+ |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
gimp Launchpad, Ubuntu, Debian |
hardy |
Ignored
(end of life)
|
| lucid |
Not vulnerable
(2.6.8-2ubuntu1.2)
|
|
| maverick |
Not vulnerable
(2.6.10-1ubuntu3.2)
|
|
| natty |
Not vulnerable
(2.6.11-1ubuntu6)
|
|
| upstream |
Needs triage
|
|
|
Patches: upstream: http://git.gnome.org/browse/gimp/commit/?id=ed7f48be05d233607460ce331a5c07ebfa5830fa upstream: http://git.gnome.org/browse/gimp/commit/?id=a9671395f6573e90316a9d748588c5435216f6ce |
||