CVE-2011-1178 — MEDIUM (6.8)

Q: How severe is CVE-2011-1178?

CVE-2011-1178 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2011-1178?

Check the references section above for vendor advisories and patch information. Affected products include: Gimp Gimp.

Vulnerability Description

Multiple integer overflows in the load_image function in file-pcx.c in the Personal Computer Exchange (PCX) plugin in GIMP 2.6.x and earlier allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PCX image that triggers a heap-based buffer overflow.

CVSS Score

6.8

MEDIUM

AV:N/AC:M/Au:N/C:P/I:P/A:P

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Gimp	Gimp	<= 2.7.0

Related Weaknesses (CWE)

CWE-190

References

http://git.gnome.org/browse/gimp/commit/?id=a9671395f6573e90316a9d748588c5435216PatchThird Party Advisory
http://secunia.com/advisories/50737Broken Link
http://security.gentoo.org/glsa/glsa-201209-23.xmlThird Party Advisory
http://securitytracker.com/id?1025586Broken LinkThird Party AdvisoryVDB Entry
http://www.mandriva.com/security/advisories?name=MDVSA-2011:110Broken Link
http://www.redhat.com/support/errata/RHSA-2011-0837.htmlBroken Link
http://www.redhat.com/support/errata/RHSA-2011-0838.htmlBroken Link
http://www.securityfocus.com/bid/48057Broken LinkThird Party AdvisoryVDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=689831Issue TrackingPatchThird Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/67787Third Party AdvisoryVDB Entry
http://git.gnome.org/browse/gimp/commit/?id=a9671395f6573e90316a9d748588c5435216PatchThird Party Advisory
http://secunia.com/advisories/50737Broken Link
http://security.gentoo.org/glsa/glsa-201209-23.xmlThird Party Advisory
http://securitytracker.com/id?1025586Broken LinkThird Party AdvisoryVDB Entry
http://www.mandriva.com/security/advisories?name=MDVSA-2011:110Broken Link

FAQ

What is CVE-2011-1178?

CVE-2011-1178 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Multiple integer overflows in the load_image function in file-pcx.c in the Personal Computer Exchange (PCX) plugin in GIMP 2.6.x and earlier allow remote attackers to cause a denial of service (applic...

How severe is CVE-2011-1178?

CVE-2011-1178 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2011-1178?

Check the references section above for vendor advisories and patch information. Affected products include: Gimp Gimp.