CVE-2010-4543

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 07-01-2011 09:00

Last modified: - 07-02-2022 06:51

Total changes: - 2

Description

Heap-based buffer overflow in the read_channel_data function in file-psp.c in the Paint Shop Pro (PSP) plugin in GIMP 2.6.11 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a PSP_COMP_RLE (aka RLE compression) image file that begins a long run count at the end of the image. NOTE: some of these details are obtained from third party information.

Common Vulnerability Scoring System (CVSS)

AV:N/AC:L/Au:N/C:P/I:P/A:P

Low

Attack complexity

Network

Attack vector

Low

Availability

Low

Confidentiality

Low

Integrity

Privileges required

Scope

User interaction

7.5

Base score

10.0

6.4

Exploitability score

Impact score

Verification logic

vendor=gimp AND product=gimp AND version=2.6.11

Reference

[oss-security] 20110103 CVE request for buffer overflows in gimp-Exploit, Mailing List, Third Party Advisory
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608497
https://bugzilla.redhat.com/show_bug.cgi?id=666793
[oss-security] 20110104 Re: CVE request for buffer overflows in gimp-Exploit, Mailing List, Third Party Advisory
ADV-2011-0016-Broken Link
70284-Broken Link
42771-Broken Link
RHSA-2011:0837-Broken Link
RHSA-2011:0838-Broken Link
MDVSA-2011:103-Broken Link
RHSA-2011:0839-Broken Link
44750-Broken Link
50737-Broken Link
GLSA-201209-23-Third Party Advisory
SUSE-SR:2011:005-Third Party Advisory
48236-Broken Link
DSA-2426-Third Party Advisory

Keywords

CVE-2010-4543

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2010-4543

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures