
Bug 372975 (CVE-2011-1178)

Summary: <media-gfx/gimp-2.6.11: multiple integer overflows (CVE-2011-1178)
Product: Gentoo Security
Component: Vulnerabilities
Reporter: GLSAMaker/CVETool Bot <glsamaker>
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: major
CC: hanno
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
URL: http://git.gnome.org/browse/gimp/commit/?id=a9671395f6573e90316a9d748588c5435216f6ce
Whiteboard: B2 [glsa]

Description GLSAMaker/CVETool Bot gentoo-dev 2011-06-25 12:44:04 UTC
CVE-2011-1178 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1178):
  Multiple integer overflows in the load_image function in file-pcx.c in the
  Personal Computer Exchange (PCX) plugin in GIMP 2.6.x and earlier allow
  remote attackers to cause a denial of service (application crash) or
  possibly execute arbitrary code via a crafted PCX image that triggers a
  heap-based buffer overflow.
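
An added example, not GIMP's code and not the referenced commit: the bug class named in the CVE description, shown as a 32-bit buffer-size product that wraps beside a checked computation of the same size. The field offsets follow the standard 128-byte PCX header layout; the function names and the 1 GiB cap are assumptions made for this illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical policy limit for this example: largest decode buffer accepted. */
#define PCX_MAX_BYTES ((uint64_t)1 << 30)

/* Little-endian 16-bit field of the 128-byte PCX header. */
static uint32_t le16(const uint8_t *p) { return (uint32_t)p[0] | ((uint32_t)p[1] << 8); }

/* Unchecked form: the product is taken in 32 bits and silently wraps. */
uint32_t pcx_size_unchecked32(const uint8_t hdr[128])
{
    uint32_t height = le16(hdr + 10) - le16(hdr + 6) + 1;  /* ymax - ymin + 1 */
    return le16(hdr + 66) * hdr[65] * height;              /* bytes/line * planes * rows */
}

/* Checked form: returns 0 and sets *out, or -1 if the header is rejected. */
int pcx_size_checked(const uint8_t hdr[128], size_t *out)
{
    uint32_t bpp = hdr[3], planes = hdr[65], bytes_per_line = le16(hdr + 66);
    uint32_t xmin = le16(hdr + 4), ymin = le16(hdr + 6);
    uint32_t xmax = le16(hdr + 8), ymax = le16(hdr + 10);

    if (hdr[0] != 0x0A) return -1;                   /* PCX manufacturer byte */
    if (xmax < xmin || ymax < ymin) return -1;       /* inverted window */
    if (bpp == 0 || bpp > 8 || planes == 0 || bytes_per_line == 0) return -1;

    uint64_t width = (uint64_t)xmax - xmin + 1;
    uint64_t height = (uint64_t)ymax - ymin + 1;

    /* A scanline must be able to hold `width` pixels at `bpp` bits each. */
    if ((uint64_t)bytes_per_line * 8 < width * bpp) return -1;

    /* Multiply in 64 bits (the maximum here is below 2^40), then apply the
       cap before narrowing; the cap is below SIZE_MAX on 32-bit targets too. */
    uint64_t total = (uint64_t)bytes_per_line * planes * height;
    if (total > PCX_MAX_BYTES) return -1;

    *out = (size_t)total;
    return 0;
}
```

With a constructed header declaring 32768 bytes per line, 2 planes and 65536 rows, the unchecked product is exactly 2^32 and wraps to 0, while the checked form rejects the header.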
Comment 1 Hanno Böck gentoo-dev 2011-07-31 10:01:45 UTC
Looking into this, it seems that this is a rather old issue that was fixed in 2009; just the public disclosure of the bug happened recently.

The git commit you link is from 2009 and already applied on 2.6.11. So no need to act, imho. Does anyone disagree?
Comment 2 Tim Sammut (RETIRED) gentoo-dev 2011-08-20 03:32:14 UTC
Agreed. I manually checked the 2.6.11 source and it contains the fix. I do not however see a GLSA for this; added to existing request.
Comment 3 GLSAMaker/CVETool Bot gentoo-dev 2012-09-28 11:43:19 UTC
This issue was resolved and addressed in
 GLSA 201209-23 at http://security.gentoo.org/glsa/glsa-201209-23.xml
by GLSA coordinator Sean Amoss (ackle).