Candidate: CVE-2011-1178
PublicDate: 2011-06-06 19:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1178
Description:
 Multiple integer overflows in the load_image function in file-pcx.c in the
 Personal Computer Exchange (PCX) plugin in GIMP 2.6.x and earlier allow
 remote attackers to cause a denial of service (application crash) or
 possibly execute arbitrary code via a crafted PCX image that triggers a
 heap-based buffer overflow.
Ubuntu-Description:
Notes:
 mdeslaur> upstream commits are from 2009, so already included in lucid+
Bugs:
 https://bugzilla.redhat.com/show_bug.cgi?id=689831
Priority: medium
Discovered-by: Jan Lieskovsky
Assigned-to:
CVSS: 

Patches_gimp:
 upstream: http://git.gnome.org/browse/gimp/commit/?id=ed7f48be05d233607460ce331a5c07ebfa5830fa
 upstream: http://git.gnome.org/browse/gimp/commit/?id=a9671395f6573e90316a9d748588c5435216f6ce
upstream_gimp: needs-triage
hardy_gimp: ignored (reached end-of-life)
lucid_gimp: not-affected (2.6.8-2ubuntu1.2)
maverick_gimp: not-affected (2.6.10-1ubuntu3.2)
natty_gimp: not-affected (2.6.11-1ubuntu6)
devel_gimp: not-affected (2.6.11-2ubuntu1)