CVE-2011-1178
Published: 6 June 2011
Multiple integer overflows in the load_image function in file-pcx.c in the Personal Computer Exchange (PCX) plugin in GIMP 2.6.x and earlier allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PCX image that triggers a heap-based buffer overflow.
Notes
Author | Note |
---|---|
mdeslaur | upstream commits are from 2009, so already included in lucid+ |
Priority
Status
Package | Release | Status |
---|---|---|
gimp Launchpad, Ubuntu, Debian |
hardy |
Ignored
(end of life)
|
lucid |
Not vulnerable
(2.6.8-2ubuntu1.2)
|
|
maverick |
Not vulnerable
(2.6.10-1ubuntu3.2)
|
|
natty |
Not vulnerable
(2.6.11-1ubuntu6)
|
|
upstream |
Needs triage
|
|
Patches: upstream: http://git.gnome.org/browse/gimp/commit/?id=ed7f48be05d233607460ce331a5c07ebfa5830fa upstream: http://git.gnome.org/browse/gimp/commit/?id=a9671395f6573e90316a9d748588c5435216f6ce |