CVE-2010-4540

Name of the Vulnerable Software and Affected Versions GIMP version 2.6.11

Description The issue is related to a stack-based buffer overflow in the load preset response function, which is part of the "LIGHTING EFFECTS > LIGHT" plugin. This can be triggered by a long Position field in a plugin configuration file, potentially allowing user-assisted remote attackers to cause a denial of service or possibly execute arbitrary code. It is noted that obtaining a GIMP plugin configuration file from an untrusted source separate from the plugin distribution may be uncommon.

Recommendations For GIMP version 2.6.11, consider avoiding the use of plugin configuration files from untrusted sources to minimize the risk of exploitation. As a temporary workaround, restrict the use of the "LIGHTING EFFECTS > LIGHT" plugin until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.