PT-2011-1602 · Gnu+2 · Gimp+2

Huzaifa S. Sidhpurwala

·

Publicado

2011-01-07

·

Atualizado

2024-06-15

·

CVE-2010-4543

CVSS v2.0

7.5

Alta

VetorAV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions GIMP version 2.6.11
Description The issue is related to a heap-based buffer overflow in the read channel data function in the Paint Shop Pro (PSP) plugin. This can be triggered by a PSP COMP RLE (aka RLE compression) image file that begins a long run count at the end of the image, potentially allowing remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code.
Recommendations For GIMP version 2.6.11, consider disabling the PSP plugin until a patch is available to prevent potential exploitation.

Exploit

Correção

DoS

Memory Corruption

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-787

Identificadores relacionados

CVE-2010-4543
DSA-2426-1
OPENSUSE-SU-2024:10294-1
RHSA-2011:0837
RHSA-2011:0838
RHSA-2011:0839
RHSA-2011_0837
RHSA-2011_0838
RHSA-2011_0839

Produtos afetados

Gimp
Paint Shop Pro
Red Hat