PublicDateAtUSN: 2011-06-08
Candidate: CVE-2011-1782
PublicDate: 2011-07-27 02:42:00 UTC
References: 
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1782
 https://ubuntu.com/security/notices/USN-1147-1
Description:
 Heap-based buffer overflow in the read_channel_data function in file-psp.c
 in the Paint Shop Pro (PSP) plugin in GIMP 2.6.11 allows remote attackers
 to cause a denial of service (application crash) or possibly execute
 arbitrary code via a PSP_COMP_RLE (aka RLE compression) image file that
 begins a long run count at the end of the image.  NOTE: some of these
 details are obtained from third party information.  NOTE: this
 vulnerability exists because of an incomplete fix for CVE-2010-4543.
Ubuntu-Description: 
Notes: 
Bugs: 
 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-1782
Priority: medium
Discovered-by: Nils Philippsen
Assigned-to: 
CVSS: 

Patches_gimp:
 upstream: http://git.gnome.org/browse/gimp/commit?id=f657361db04de69ce003328724c59e3f942d7d15
upstream_gimp: needs-triage
hardy_gimp: ignored (reached end-of-life)
lucid_gimp: released (2.6.8-2ubuntu1.3)
maverick_gimp: released (2.6.10-1ubuntu3.3)
natty_gimp: released (2.6.11-1ubuntu6.1)
devel_gimp: released (2.6.11-2ubuntu2)