CVE-2011-1782
Published: 8 June 2011
Heap-based buffer overflow in the read_channel_data function in file-psp.c in the Paint Shop Pro (PSP) plugin in GIMP 2.6.11 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a PSP_COMP_RLE (aka RLE compression) image file that begins a long run count at the end of the image. NOTE: some of these details are obtained from third party information. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-4543.
Priority
Status
Package | Release | Status |
---|---|---|
gimp Launchpad, Ubuntu, Debian |
hardy |
Ignored
(end of life)
|
lucid |
Released
(2.6.8-2ubuntu1.3)
|
|
maverick |
Released
(2.6.10-1ubuntu3.3)
|
|
natty |
Released
(2.6.11-1ubuntu6.1)
|
|
upstream |
Needs triage
|
|
Patches: upstream: http://git.gnome.org/browse/gimp/commit?id=f657361db04de69ce003328724c59e3f942d7d15 |