PT-2011-1602 · Gnu+2 · Gimp+2

Huzaifa S. Sidhpurwala

·

Published

2011-01-07

·

Updated

2024-06-15

·

CVE-2010-4543

CVSS v2.0

7.5

High

VectorAV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions GIMP version 2.6.11
Description The issue is related to a heap-based buffer overflow in the read channel data function in the Paint Shop Pro (PSP) plugin. This can be triggered by a PSP COMP RLE (aka RLE compression) image file that begins a long run count at the end of the image, potentially allowing remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code.
Recommendations For GIMP version 2.6.11, consider disabling the PSP plugin until a patch is available to prevent potential exploitation.

Exploit

Fix

DoS

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

CVE-2010-4543
DSA-2426-1
OPENSUSE-SU-2024:10294-1
RHSA-2011:0837
RHSA-2011:0838
RHSA-2011:0839
RHSA-2011_0837
RHSA-2011_0838
RHSA-2011_0839

Affected Products

Gimp
Paint Shop Pro
Red Hat