CVE-2011-1178

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 06-06-2011 09:55

Last modified: - 07-02-2022 06:50

Total changes: - 2

Description

Multiple integer overflows in the load_image function in file-pcx.c in the Personal Computer Exchange (PCX) plugin in GIMP 2.6.x and earlier allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PCX image that triggers a heap-based buffer overflow.

Common Vulnerability Scoring System (CVSS)

AV:N/AC:M/Au:N/C:P/I:P/A:P

Low

Attack complexity

Network

Attack vector

Low

Availability

Low

Confidentiality

Low

Integrity

Privileges required

Scope

User interaction

6.8

Base score

8.6

6.4

Exploitability score

Impact score

Verification logic

vendor=gimp AND product=gimp AND versionEndIncluding=2.7.0

Reference

http://git.gnome.org/browse/gimp/commit/?id=a9671395f6573e90316a9d748588c5435216f6ce
https://bugzilla.redhat.com/show_bug.cgi?id=689831
1025586-Broken Link, Third Party Advisory, VDB Entry
48057-Broken Link, Third Party Advisory, VDB Entry
MDVSA-2011:110-Broken Link
RHSA-2011:0838-Broken Link
RHSA-2011:0837-Broken Link
50737-Broken Link
GLSA-201209-23-Third Party Advisory
gimp-pcximage-bo(67787)-Third Party Advisory, VDB Entry

Keywords

CVE-2011-1178

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2011-1178

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures