CVE-2010-4543 - OpenCVE

Heap-based buffer overflow in the read_channel_data function in file-psp.c in the Paint Shop Pro (PSP) plugin in GIMP 2.6.11 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a PSP_COMP_RLE (aka RLE compression) image file that begins a long run count at the end of the image. NOTE: some of these details are obtained from third party information.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Gimp	Gimp

Configuration 1 [-]

cpe:2.3:a:gimp:gimp:2.6.11:*:*:*:*:*:*:*

References

Link	Resource
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608497	Exploit Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html	Third Party Advisory
http://openwall.com/lists/oss-security/2011/01/03/2	Exploit Mailing List Third Party Advisory
http://openwall.com/lists/oss-security/2011/01/04/7	Exploit Mailing List Third Party Advisory
http://osvdb.org/70284	Broken Link
http://secunia.com/advisories/42771	Broken Link
http://secunia.com/advisories/44750	Broken Link
http://secunia.com/advisories/48236	Broken Link
http://secunia.com/advisories/50737	Broken Link
http://security.gentoo.org/glsa/glsa-201209-23.xml	Third Party Advisory
http://www.debian.org/security/2012/dsa-2426	Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2011:103	Broken Link
http://www.redhat.com/support/errata/RHSA-2011-0837.html	Broken Link
http://www.redhat.com/support/errata/RHSA-2011-0838.html	Broken Link
http://www.redhat.com/support/errata/RHSA-2011-0839.html	Broken Link
http://www.vupen.com/english/advisories/2011/0016	Broken Link
https://bugzilla.redhat.com/show_bug.cgi?id=666793	Exploit Issue Tracking Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2011-01-07T19:00:00

Updated: 2018-07-20T17:57:01

Reserved: 2010-12-09T00:00:00

Link: CVE-2010-4543

JSON object: View

NVD Information

Status : Modified

Published: 2011-01-07T20:00:05.140

Modified: 2023-11-07T02:06:22.990

Link: CVE-2010-4543

JSON object: View

Redhat Information

No data.

CWE

CWE-787

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2010-12-31T00:00:00", "descriptions": [{"lang": "en", "value": "Heap-based buffer overflow in the read_channel_data function in file-psp.c in the Paint Shop Pro (PSP) plugin in GIMP 2.6.11 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a PSP_COMP_RLE (aka RLE compression) image file that begins a long run count at the end of the image. NOTE: some of these details are obtained from third party information."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-07-20T17:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "DSA-2426", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2012/dsa-2426"}, {"name": "GLSA-201209-23", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://security.gentoo.org/glsa/glsa-201209-23.xml"}, {"name": "70284", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/70284"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=666793"}, {"name": "ADV-2011-0016", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2011/0016"}, {"name": "RHSA-2011:0839", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2011-0839.html"}, {"name": "RHSA-2011:0837", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2011-0837.html"}, {"name": "SUSE-SR:2011:005", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html"}, {"name": "RHSA-2011:0838", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2011-0838.html"}, {"name": "[oss-security] 20110104 Re: CVE request for buffer overflows in gimp", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/01/04/7"}, {"name": "44750", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/44750"}, {"name": "42771", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/42771"}, {"name": "50737", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/50737"}, {"name": "[oss-security] 20110103 CVE request for buffer overflows in gimp", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/01/03/2"}, {"name": "48236", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/48236"}, {"tags": ["x_refsource_MISC"], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608497"}, {"name": "MDVSA-2011:103", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:103"}]}}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2010-4543", "datePublished": "2011-01-07T19:00:00", "dateReserved": "2010-12-09T00:00:00", "dateUpdated": "2018-07-20T17:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gimp:gimp:2.6.11:*:*:*:*:*:*:*", "matchCriteriaId": "20EA4C96-C8EE-4970-863E-CF80926EC95A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Heap-based buffer overflow in the read_channel_data function in file-psp.c in the Paint Shop Pro (PSP) plugin in GIMP 2.6.11 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a PSP_COMP_RLE (aka RLE compression) image file that begins a long run count at the end of the image. NOTE: some of these details are obtained from third party information."}, {"lang": "es", "value": "Hay un desbordamiento de b\u00fafer en la regi\u00f3n heap de la memoria en la funci\u00f3n read_channel_data en el archivo psp.c en el plugin Paint Shop Pro (PSP) en GIMP versi\u00f3n 2.6.11 permite a los atacantes remotos generar una denegaci\u00f3n de servicio (posible bloqueo de la aplicaci\u00f3n) o posiblemente ejecutar c\u00f3digo arbitrario por medio de un PSP_COMP_RLE Archivo de imagen (tambi\u00e9n se conoce como RLE compression) que comienza un conteo de ejecuci\u00f3n larga al final de la imagen. NOTA: algunos de estos detalles se obtienen a partir de informaci\u00f3n de terceros."}], "id": "CVE-2010-4543", "lastModified": "2023-11-07T02:06:22.990", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2011-01-07T20:00:05.140", "references": [{"source": "secalert@redhat.com", "tags": ["Exploit", "Third Party Advisory"], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608497"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "url": "http://openwall.com/lists/oss-security/2011/01/03/2"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "url": "http://openwall.com/lists/oss-security/2011/01/04/7"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://osvdb.org/70284"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/42771"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/44750"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/48236"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/50737"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://security.gentoo.org/glsa/glsa-201209-23.xml"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2012/dsa-2426"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:103"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://www.redhat.com/support/errata/RHSA-2011-0837.html"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://www.redhat.com/support/errata/RHSA-2011-0838.html"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://www.redhat.com/support/errata/RHSA-2011-0839.html"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://www.vupen.com/english/advisories/2011/0016"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=666793"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}