Vulnerability Details : CVE-2011-1178
Multiple integer overflows in the load_image function in file-pcx.c in the Personal Computer Exchange (PCX) plugin in GIMP 2.6.x and earlier allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PCX image that triggers a heap-based buffer overflow.
Vulnerability category: OverflowExecute codeDenial of service
Exploit prediction scoring system (EPSS) score for CVE-2011-1178
Probability of exploitation activity in the next 30 days: 2.03%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 88 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2011-1178
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
6.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
8.6
|
6.4
|
NIST |
CWE ids for CVE-2011-1178
-
The product performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-1178
-
http://www.mandriva.com/security/advisories?name=MDVSA-2011:110
mandriva.comBroken Link
-
http://www.redhat.com/support/errata/RHSA-2011-0837.html
SupportBroken Link
-
http://securitytracker.com/id?1025586
GIMP Buffer Overflow in Processing PCX Image Files Lets Remote Users Execute Arbitrary Code - SecurityTrackerBroken Link;Third Party Advisory;VDB Entry
-
http://security.gentoo.org/glsa/glsa-201209-23.xml
GIMP: Multiple vulnerabilities (GLSA 201209-23) — Gentoo securityThird Party Advisory
-
http://www.securityfocus.com/bid/48057
GIMP PCX Image Parsing Heap Buffer Overflow VulnerabilityBroken Link;Third Party Advisory;VDB Entry
-
http://www.redhat.com/support/errata/RHSA-2011-0838.html
SupportBroken Link
-
https://bugzilla.redhat.com/show_bug.cgi?id=689831
689831 – (CVE-2011-1178) CVE-2011-1178 Gimp: Integer overflow in the PCX image file plug-inIssue Tracking;Patch;Third Party Advisory
-
http://git.gnome.org/browse/gimp/commit/?id=a9671395f6573e90316a9d748588c5435216f6ce
PCX: Avoid allocation overflows. (a9671395) · Commits · GNOME / GIMP · GitLabPatch;Third Party Advisory
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/67787
GIMP PCX image buffer overflow CVE-2011-1178 Vulnerability ReportThird Party Advisory;VDB Entry
Products affected by CVE-2011-1178
- cpe:2.3:a:gimp:gimp:*:*:*:*:*:*:*:*