An integer overflow, leading to a heap-based buffer overflow, was found in The Gimp's Personal Computer eXchange (PCX) image file plug-in. A remote attacker could provide a specially-crafted PCX image file which, once opened by a local, unsuspecting user, would lead to denial of service (GIMP PCX plug-in crash) or, potentially, arbitrary code execution with the privileges of the user running Gimp.
The CVE identifier of CVE-2011-1178 has been assigned to this issue.
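The report does not show the affected code, so the following is an added example of the bug class it describes, not GIMP's code and not the upstream fix: a buffer size computed from PCX header dimensions wraps in 32-bit arithmetic, next to a checked form. The function names and the `limit` policy cap are assumptions; the header bytes are constructed samples.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Image size taken from a PCX header: four 16-bit little-endian window
 * corners (xmin, ymin, xmax, ymax) at byte offsets 4..11. */
typedef struct { uint32_t width, height; } pcx_dims;

static uint16_t le16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* Returns 0 on success, -1 if the window is inverted. */
int pcx_dimensions(const uint8_t hdr[12], pcx_dims *out)
{
    uint16_t xmin = le16(hdr + 4), ymin = le16(hdr + 6);
    uint16_t xmax = le16(hdr + 8), ymax = le16(hdr + 10);
    if (xmax < xmin || ymax < ymin)
        return -1;
    out->width  = (uint32_t)(xmax - xmin) + 1;   /* 1..65536 */
    out->height = (uint32_t)(ymax - ymin) + 1;   /* 1..65536 */
    return 0;
}

/* Unchecked: the 32-bit product wraps modulo 2^32, so the computed size
 * can be far smaller than what the decoder will later write. */
uint32_t size_unchecked(pcx_dims d, uint32_t bytes_per_pixel)
{
    return d.width * d.height * bytes_per_pixel;
}

/* Checked: every multiplication is proven to stay <= limit before it is
 * performed. limit is a caller-chosen cap (hypothetical policy value). */
int size_checked(pcx_dims d, uint32_t bytes_per_pixel, size_t limit, size_t *out)
{
    if (d.width == 0 || d.height == 0 || bytes_per_pixel == 0)
        return -1;
    if (d.height > limit / d.width)          /* width * height > limit */
        return -1;
    size_t pixels = (size_t)d.width * d.height;
    if (bytes_per_pixel > limit / pixels)    /* pixels * bpp > limit */
        return -1;
    *out = pixels * bytes_per_pixel;
    return 0;
}

int main(void)
{   /* Constructed header: window (0,0)-(65535,65535), i.e. 65536 x 65536. */
    uint8_t hdr[12] = {0x0A, 5, 1, 8, 0, 0, 0, 0, 0xFF, 0xFF, 0xFF, 0xFF};
    pcx_dims d; size_t n = 0;
    if (pcx_dimensions(hdr, &d) != 0) return 1;
    printf("unchecked size: %u bytes\n", (unsigned)size_unchecked(d, 3));
    printf("checked: %s\n", size_checked(d, 3, (size_t)1 << 28, &n) ? "rejected" : "ok");
    return 0;
}
```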
Created attachment 486819: Proposed fix from Nils Philippsen for gimp 2.2 branch
Created attachment 486820: Proposed fix from Nils Philippsen for gimp 2.6 branch
Particular upstream git changeset: [1] http://git.gnome.org/browse/gimp/commit/?id=a9671395f6573e90316a9d748588c5435216f6ce
This issue affects the versions of the gimp package, as shipped with Red Hat Enterprise Linux 4 and 5.
This issue did NOT affect the version of the gimp package, as shipped with Red Hat Enterprise Linux 6, as this version already contains upstream change from [1].
This issue did NOT affect the versions of the gimp package, as shipped with Fedora release of 13 and 14, as those versions already contain upstream change from [1].
This issue has been addressed in the following products: Red Hat Enterprise Linux 5, via RHSA-2011:0838 (https://rhn.redhat.com/errata/RHSA-2011-0838.html)
This issue has been addressed in the following products: Red Hat Enterprise Linux 4, via RHSA-2011:0837 (https://rhn.redhat.com/errata/RHSA-2011-0837.html)