Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 372975 (CVE-2011-1178) - <media-gfx/gimp-2.6.11: multiple integer overflows (CVE-2011-1178)
Summary: <media-gfx/gimp-2.6.11: multiple integer overflows (CVE-2011-1178)
Status: RESOLVED FIXED
Alias: CVE-2011-1178
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal major (vote)
Assignee: Gentoo Security
URL: http://git.gnome.org/browse/gimp/comm...
Whiteboard: B2 [glsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2011-06-25 12:44 UTC by GLSAMaker/CVETool Bot
Modified: 2012-09-28 11:43 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description GLSAMaker/CVETool Bot gentoo-dev 2011-06-25 12:44:04 UTC
CVE-2011-1178 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1178):
  Multiple integer overflows in the load_image function in file-pcx.c in the
  Personal Computer Exchange (PCX) plugin in GIMP 2.6.x and earlier allow
  remote attackers to cause a denial of service (application crash) or
  possibly execute arbitrary code via a crafted PCX image that triggers a
  heap-based buffer overflow.
Comment 1 Hanno Böck gentoo-dev 2011-07-31 10:01:45 UTC
Looking into this, it seems that this is a rather old issue that has been fixed in 2009, just the public disclosure of the bug happened recently.

The git commit you link is from 2009 and already applied on 2.6.11. So no need to act imho. Anyone disagrees?
Comment 2 Tim Sammut (RETIRED) gentoo-dev 2011-08-20 03:32:14 UTC
Agreed. I manually checked the 2.6.11 source and it contains the fix. I do not however see a GLSA for this; added to existing request.
Comment 3 GLSAMaker/CVETool Bot gentoo-dev 2012-09-28 11:43:19 UTC
This issue was resolved and addressed in
 GLSA 201209-23 at http://security.gentoo.org/glsa/glsa-201209-23.xml
by GLSA coordinator Sean Amoss (ackle).