CVE-2011-1178

Current Description

Multiple integer overflows in the load_image function in file-pcx.c in the Personal Computer Exchange (PCX) plugin in GIMP 2.6.x and earlier allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PCX image that triggers a heap-based buffer overflow.

Basic Data

Published: June 06, 2011
Last Modified: October 30, 2018
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: CWE-189
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: MEDIUM
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: PARTIAL
CVSS 2 - Availability Impact: PARTIAL
CVSS 2 - Base Score: 6.8
Severity: MEDIUM
Exploitability Score: 8.6
Impact Score: 6.4
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
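    Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding
    2.3 | Application | Gimp | Gimp | 2.6.8 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Gimp | Gimp | * | * | * | * | * | * | * | * | | 2.6.11 | |
    2.3 | Application | Gnu | Gimp | 1.0.4 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Gnu | Gimp | 1.2.5 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Gnu | Gimp | 2.0.0 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Gnu | Gimp | 2.0.1 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Gnu | Gimp | 2.0.2 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Gnu | Gimp | 2.0.3 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Gnu | Gimp | 2.0.4 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Gnu | Gimp | 2.0.5 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Gnu | Gimp | 2.0.6 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Gnu | Gimp | 2.2.0 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Gnu | Gimp | 2.2.1 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Gnu | Gimp | 2.2.2 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Gnu | Gimp | 2.2.3 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Gnu | Gimp | 2.2.4 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Gnu | Gimp | 2.2.5 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Gnu | Gimp | 2.2.6 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Gnu | Gimp | 2.2.7 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Gnu | Gimp | 2.2.8 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Gnu | Gimp | 2.2.9 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Gnu | Gimp | 2.2.10 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Gnu | Gimp | 2.2.11 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Gnu | Gimp | 2.2.12 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Gnu | Gimp | 2.2.13 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Gnu | Gimp | 2.2.14 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Gnu | Gimp | 2.2.15 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Gnu | Gimp | 2.2.16 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Gnu | Gimp | 2.2.17 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Gnu | Gimp | 2.4.0 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Gnu | Gimp | 2.4.1 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Gnu | Gimp | 2.4.2 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Gnu | Gimp | 2.4.3 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Gnu | Gimp | 2.4.4 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Gnu | Gimp | 2.4.5 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Gnu | Gimp | 2.4.6 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Gnu | Gimp | 2.4.7 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Gnu | Gimp | 2.6.0 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Gnu | Gimp | 2.6.1 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Gnu | Gimp | 2.6.2 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Gnu | Gimp | 2.6.3 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Gnu | Gimp | 2.6.4 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Gnu | Gimp | 2.6.5 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Gnu | Gimp | 2.6.6 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Gnu | Gimp | 2.6.7 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Gnu | Gimp | 2.6.9 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Gnu | Gimp | 2.6.10 | * | * | * | * | * | * | * | | | |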

Vulnerable Software List

Vendor | Product | Versions
Gimp | Gimp | *, 2.6.8
Gnu | Gimp | 1.0.4, 1.2.5, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.2.0, 2.2.1, 2.2.10, 2.2.11, 2.2.12, 2.2.13, 2.2.14, 2.2.15, 2.2.16, 2.2.17, 2.2.2, 2.2.3, 2.2.4, 2.2.5, 2.2.6, 2.2.7, 2.2.8, 2.2.9, 2.4.0, 2.4.1, 2.4.2, 2.4.3, 2.4.4, 2.4.5, 2.4.6, 2.4.7, 2.6.0, 2.6.1, 2.6.10, 2.6.2, 2.6.3, 2.6.4, 2.6.5, 2.6.6, 2.6.7, 2.6.9

References

Name | URL | Source | Tags
http://git.gnome.org/browse/gimp/commit/?id=a9671395f6573e90316a9d748588c5435216f6ce | http://git.gnome.org/browse/gimp/commit/?id=a9671395f6573e90316a9d748588c5435216f6ce | CONFIRM | Patch
50737 | http://secunia.com/advisories/50737 | SECUNIA |
GLSA-201209-23 | http://security.gentoo.org/glsa/glsa-201209-23.xml | GENTOO |
1025586 | http://securitytracker.com/id?1025586 | SECTRACK |
MDVSA-2011:110 | http://www.mandriva.com/security/advisories?name=MDVSA-2011:110 | MANDRIVA |
RHSA-2011:0837 | http://www.redhat.com/support/errata/RHSA-2011-0837.html | REDHAT |
RHSA-2011:0838 | http://www.redhat.com/support/errata/RHSA-2011-0838.html | REDHAT |
48057 | http://www.securityfocus.com/bid/48057 | BID |
https://bugzilla.redhat.com/show_bug.cgi?id=689831 | https://bugzilla.redhat.com/show_bug.cgi?id=689831 | CONFIRM | Patch
gimp-pcximage-bo(67787) | https://exchange.xforce.ibmcloud.com/vulnerabilities/67787 | XF |