Fluid Attacks Database

Description

Multiple integer overflows in the load_image function in file-pcx.c in the Personal Computer Exchange (PCX) plugin in GIMP 2.6.x and earlier allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PCX image that triggers a heap-based buffer overflow.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 13	gimp	>=0 <2.6.10-1	2.6.10-1
debian 11	gimp	>=0 <2.6.10-1	2.6.10-1
debian 12	gimp	>=0 <2.6.10-1	2.6.10-1
debian 14	gimp	>=0 <2.6.10-1	2.6.10-1
rpm rhel5	gimp	<2:2.2.13-2.0.7.el5_6.2	2:2.2.13-2.0.7.el5_6.2

Aliases

1. CVE-2011-11782. NVD-2011-11783. OSV-DEBIAN-2011-11784. OSV-2011-11785. SECURITY-TRACKER-CVE-2011-1178

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.