There was a vulnearability found from libungif at version below 4.1.4 and it was fixed at (2005-10-19 08:54), which should be after 2.01 Firmware update was released.
More info about the exploit:
Patch for the exploit:
Proof-of-concept .gifs can be downloaded below, my 2.0 PSP crashes with bad1 and bad2 files, would be nice to hear how 2.01, 2.5 and 2.6 reacts for those. Bad2 is most likely the best for code execution due OOB write.
My experience with this kind of exploits is very limited so help would be appricieted, the hard part is to craft a right kind of .gif file and then we can probably use the same wallpaper as used with .tiff overflow exploit to run our own code.