CVE-2010-4543

GIMP 2.6.11 - Heap-Based Buffer Overflow in PSP Plugin via RLE Compression

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-4543. PoCs published by non customers.

AI-analyzed exploit summary This COBOL PoC exploits multiple stack-based buffer overflows in GIMP 2.6.11 by generating malformed files for specific filters (Lighting Effects, Sphere Designer, Gfig). The overflows are triggered by excessive 'A' characters in crafted input fields.

Description

Heap-based buffer overflow in the read_channel_data function in file-psp.c in the Paint Shop Pro (PSP) plugin in GIMP 2.6.11 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a PSP_COMP_RLE (aka RLE compression) image file that begins a long run count at the end of the image. NOTE: some of these details are obtained from third party information.

Exploits (1)

exploitdb WORKING POC VERIFIED

by non customers · doslinux

https://www.exploit-db.com/exploits/35162

View Code ZIP pw:eip

This COBOL PoC exploits multiple stack-based buffer overflows in GIMP 2.6.11 by generating malformed files for specific filters (Lighting Effects, Sphere Designer, Gfig). The overflows are triggered by excessive 'A' characters in crafted input fields.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: GIMP 2.6.11

No auth needed

Prerequisites: Ability to deliver crafted files to the target system · User interaction to open the files in GIMP

MITRE ATT&CK

T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (17)

Core 17

Core References

Third Party Advisory vendor-advisory x_refsource_debian

http://www.debian.org/security/2012/dsa-2426

Third Party Advisory vendor-advisory x_refsource_gentoo

http://security.gentoo.org/glsa/glsa-201209-23.xml

Broken Link vdb-entry x_refsource_osvdb

http://osvdb.org/70284

Exploit, Issue Tracking, Third Party Advisory x_refsource_confirm

https://bugzilla.redhat.com/show_bug.cgi?id=666793

Broken Link vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2011/0016

Broken Link vendor-advisory x_refsource_redhat

http://www.redhat.com/support/errata/RHSA-2011-0839.html

Broken Link vendor-advisory x_refsource_redhat

http://www.redhat.com/support/errata/RHSA-2011-0837.html

Third Party Advisory vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html

Broken Link vendor-advisory x_refsource_redhat

http://www.redhat.com/support/errata/RHSA-2011-0838.html

Exploit, Mailing List, Third Party Advisory mailing-list x_refsource_mlist

http://openwall.com/lists/oss-security/2011/01/04/7

Broken Link third-party-advisory x_refsource_secunia

http://secunia.com/advisories/44750

Broken Link third-party-advisory x_refsource_secunia

http://secunia.com/advisories/42771

Broken Link third-party-advisory x_refsource_secunia

http://secunia.com/advisories/50737

Exploit, Mailing List, Third Party Advisory mailing-list x_refsource_mlist

http://openwall.com/lists/oss-security/2011/01/03/2

Broken Link third-party-advisory x_refsource_secunia

http://secunia.com/advisories/48236

Exploit, Third Party Advisory x_refsource_misc

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608497

Broken Link vendor-advisory x_refsource_mandriva

http://www.mandriva.com/security/advisories?name=MDVSA-2011:103

Scores

EPSS 0.1627

EPSS Percentile 96.5%

Details

CWE

CWE-787

Status published

Products (1)

gimp/gimp 2.6.11

Published Jan 07, 2011

Tracked Since Feb 18, 2026