Vulnerabilities > CVE-2011-1178 - Integer Overflow or Wraparound vulnerability in Gimp
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Multiple integer overflows in the load_image function in file-pcx.c in the Personal Computer Exchange (PCX) plugin in GIMP 2.6.x and earlier allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PCX image that triggers a heap-based buffer overflow.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Forced Integer Overflow This attack forces an integer variable to go out of range. The integer variable is often used as an offset such as size of memory allocation or similarly. The attacker would typically control the value of such variable and try to get it out of range. For instance the integer in question is incremented past the maximum possible value, it may wrap to become a very small, or negative number, therefore providing a very incorrect value which can lead to unexpected behavior. At worst the attacker can execute arbitrary code.
Nessus
NASL family SuSE Local Security Checks NASL id SUSE_11_GIMP-110531.NASL description A number of heap-based buffer overflows have been found in The Gimp affecting the PCX (CVE-2011-1178), SGI, GBR and PAT (CVE-2011-1782) plugins. The update fixes these security issues. last seen 2020-06-01 modified 2020-06-02 plugin id 54985 published 2011-06-07 reporter This script is Copyright (C) 2011-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/54985 title SuSE 11.1 Security Update : gimp (SAT Patch Number 4631) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SuSE 11 update information. The text itself is # copyright (C) Novell, Inc. # include("compat.inc"); if (description) { script_id(54985); script_version("1.7"); script_cvs_date("Date: 2019/10/25 13:36:42"); script_cve_id("CVE-2011-1178", "CVE-2011-1782"); script_name(english:"SuSE 11.1 Security Update : gimp (SAT Patch Number 4631)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote SuSE 11 host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "A number of heap-based buffer overflows have been found in The Gimp affecting the PCX (CVE-2011-1178), SGI, GBR and PAT (CVE-2011-1782) plugins. The update fixes these security issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=692877" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2011-1178.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2011-1782.html" ); script_set_attribute(attribute:"solution", value:"Apply SAT patch number 4631."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:gimp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:gimp-lang"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:gimp-plugins-python"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11"); script_set_attribute(attribute:"patch_publication_date", value:"2011/05/31"); script_set_attribute(attribute:"plugin_publication_date", value:"2011/06/07"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2011-2019 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release !~ "^(SLED|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11"); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu); pl = get_kb_item("Host/SuSE/patchlevel"); if (isnull(pl) || int(pl) != 1) audit(AUDIT_OS_NOT, "SuSE 11.1"); flag = 0; if (rpm_check(release:"SLED11", sp:1, cpu:"i586", reference:"gimp-2.6.2-3.34.31.1")) flag++; if (rpm_check(release:"SLED11", sp:1, cpu:"i586", reference:"gimp-lang-2.6.2-3.34.31.1")) flag++; if (rpm_check(release:"SLED11", sp:1, cpu:"i586", reference:"gimp-plugins-python-2.6.2-3.34.31.1")) flag++; if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"gimp-2.6.2-3.34.31.1")) flag++; if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"gimp-lang-2.6.2-3.34.31.1")) flag++; if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"gimp-plugins-python-2.6.2-3.34.31.1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201209-23.NASL description The remote host is affected by the vulnerability described in GLSA-201209-23 (GIMP: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in GIMP. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could possibly execute arbitrary code with the privileges of the process or cause a Denial of Service condition. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 62379 published 2012-09-29 reporter This script is Copyright (C) 2012-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/62379 title GLSA-201209-23 : GIMP: Multiple vulnerabilities NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2011-0838.NASL description Updated gimp packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The GIMP (GNU Image Manipulation Program) is an image composition and editing program. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the GIMP last seen 2020-06-01 modified 2020-06-02 plugin id 67082 published 2013-06-29 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/67082 title CentOS 5 : gimp (CESA-2011:0838) NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2011-110.NASL description A vulnerability was discovered and corrected in gimp : Multiple integer overflows in the load_image function in file-pcx.c in the Personal Computer Exchange (PCX) plugin in GIMP 2.6.x and earlier allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PCX image that triggers a heap-based buffer overflow (CVE-2011-1178). Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149 products_id=490 The updated packages have been patched to correct this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 55171 published 2011-06-20 reporter This script is Copyright (C) 2011-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/55171 title Mandriva Linux Security Advisory : gimp (MDVSA-2011:110) NASL family SuSE Local Security Checks NASL id SUSE_11_4_GIMP-110531.NASL description This update fixes various overflows : + CVE-2011-1178: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) + CVE-2011-1782: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) last seen 2020-06-01 modified 2020-06-02 plugin id 75849 published 2014-06-13 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/75849 title openSUSE Security Update : gimp (openSUSE-SU-2011:0586-1) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2011-0838.NASL description From Red Hat Security Advisory 2011:0838 : Updated gimp packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The GIMP (GNU Image Manipulation Program) is an image composition and editing program. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the GIMP last seen 2020-06-01 modified 2020-06-02 plugin id 68279 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/68279 title Oracle Linux 5 : gimp (ELSA-2011-0838) NASL family SuSE Local Security Checks NASL id SUSE_11_3_GIMP-110531.NASL description This update fixes various overflows : + CVE-2011-1178: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) + CVE-2011-1782: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) last seen 2020-06-01 modified 2020-06-02 plugin id 75514 published 2014-06-13 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/75514 title openSUSE Security Update : gimp (openSUSE-SU-2011:0586-1) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2011-0837.NASL description Updated gimp packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The GIMP (GNU Image Manipulation Program) is an image composition and editing program. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the GIMP last seen 2020-06-01 modified 2020-06-02 plugin id 54926 published 2011-06-01 reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/54926 title RHEL 4 : gimp (RHSA-2011:0837) NASL family Scientific Linux Local Security Checks NASL id SL_20110531_GIMP_ON_SL4_X.NASL description The GIMP (GNU Image Manipulation Program) is an image composition and editing program. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the GIMP last seen 2020-06-01 modified 2020-06-02 plugin id 61056 published 2012-08-01 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/61056 title Scientific Linux Security Update : gimp on SL4.x i386/x86_64 NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2011-0838.NASL description Updated gimp packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The GIMP (GNU Image Manipulation Program) is an image composition and editing program. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the GIMP last seen 2020-06-01 modified 2020-06-02 plugin id 54927 published 2011-06-01 reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/54927 title RHEL 5 : gimp (RHSA-2011:0838) NASL family Scientific Linux Local Security Checks NASL id SL_20110531_GIMP_ON_SL5_X.NASL description The GIMP (GNU Image Manipulation Program) is an image composition and editing program. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the GIMP last seen 2020-06-01 modified 2020-06-02 plugin id 61057 published 2012-08-01 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/61057 title Scientific Linux Security Update : gimp on SL5.x i386/x86_64 NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2011-0837.NASL description From Red Hat Security Advisory 2011:0837 : Updated gimp packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The GIMP (GNU Image Manipulation Program) is an image composition and editing program. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the GIMP last seen 2020-06-01 modified 2020-06-02 plugin id 68278 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/68278 title Oracle Linux 4 : gimp (ELSA-2011-0837) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2011-0837.NASL description Updated gimp packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The GIMP (GNU Image Manipulation Program) is an image composition and editing program. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the GIMP last seen 2020-06-01 modified 2020-06-02 plugin id 54936 published 2011-06-02 reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/54936 title CentOS 4 : gimp (CESA-2011:0837) NASL family SuSE Local Security Checks NASL id SUSE_GIMP-7543.NASL description A number of heap-based buffer overflows have been found in The Gimp affecting the PCX (CVE-2011-1178), SGI, GBR and PAT (CVE-2011-1782) plugins. The update fixes these security issues. last seen 2020-06-01 modified 2020-06-02 plugin id 57199 published 2011-12-13 reporter This script is Copyright (C) 2011-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/57199 title SuSE 10 Security Update : gimp (ZYPP Patch Number 7543)
Redhat
| advisories |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| rpms |
|
References
- http://git.gnome.org/browse/gimp/commit/?id=a9671395f6573e90316a9d748588c5435216f6ce
- https://bugzilla.redhat.com/show_bug.cgi?id=689831
- http://securitytracker.com/id?1025586
- http://www.securityfocus.com/bid/48057
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:110
- http://www.redhat.com/support/errata/RHSA-2011-0838.html
- http://www.redhat.com/support/errata/RHSA-2011-0837.html
- http://secunia.com/advisories/50737
- http://security.gentoo.org/glsa/glsa-201209-23.xml
- https://exchange.xforce.ibmcloud.com/vulnerabilities/67787