Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2006-4519

Multiple integer overflows in the image loader plug-ins in GIMP before 2.2.16 allow user-assisted remote attackers to execute arbitrary code via crafted length values in (1) DICOM, (2) PNM, (3) PSD, (4) PSP, (5) Sun RAS, (6) XBM, and (7) XWD files.

Published

2007-07-10T18:30:00.000

Last Modified

2025-04-09T00:30:58.490

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 6.8 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

8.6

Impact Score

6.4

Weaknesses

Type: Primary
CWE-190

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	gimp	gimp	< 2.2.16	Yes

References

http://bugzilla.gnome.org/show_bug.cgi?id=451379 Issue Tracking, Third Party Advisory ([email protected])
http://developer.gimp.org/NEWS-2.2 Broken Link ([email protected])
http://issues.foresightlinux.org/browse/FL-457 Broken Link ([email protected])
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=551 Broken Link ([email protected])
http://osvdb.org/42139 Broken Link ([email protected])
http://osvdb.org/42140 Broken Link ([email protected])
http://osvdb.org/42141 Broken Link ([email protected])
http://osvdb.org/42142 Broken Link ([email protected])
http://osvdb.org/42143 Broken Link ([email protected])
http://osvdb.org/42144 Broken Link ([email protected])
http://osvdb.org/42145 Broken Link ([email protected])
http://secunia.com/advisories/26132 Broken Link ([email protected])
http://secunia.com/advisories/26215 Broken Link ([email protected])
http://secunia.com/advisories/26240 Broken Link ([email protected])
http://secunia.com/advisories/26575 Broken Link ([email protected])
http://secunia.com/advisories/26939 Broken Link ([email protected])
http://security.gentoo.org/glsa/glsa-200707-09.xml Third Party Advisory ([email protected])
http://www.debian.org/security/2007/dsa-1335 Third Party Advisory ([email protected])
http://www.mandriva.com/security/advisories?name=MDKSA-2007:170 Broken Link ([email protected])
http://www.redhat.com/support/errata/RHSA-2007-0513.html Third Party Advisory ([email protected])
http://www.securityfocus.com/archive/1/475257/100/0/threaded Broken Link, Third Party Advisory, VDB Entry ([email protected])
http://www.securityfocus.com/bid/24835 Third Party Advisory, VDB Entry ([email protected])
http://www.securitytracker.com/id?1018349 Third Party Advisory, VDB Entry ([email protected])
http://www.ubuntu.com/usn/usn-494-1 Third Party Advisory ([email protected])
http://www.vupen.com/english/advisories/2007/2471 Broken Link ([email protected])
https://exchange.xforce.ibmcloud.com/vulnerabilities/35308 Third Party Advisory, VDB Entry ([email protected])
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10842 Tool Signature ([email protected])
http://bugzilla.gnome.org/show_bug.cgi?id=451379 Issue Tracking, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://developer.gimp.org/NEWS-2.2 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://issues.foresightlinux.org/browse/FL-457 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=551 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://osvdb.org/42139 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://osvdb.org/42140 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://osvdb.org/42141 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://osvdb.org/42142 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://osvdb.org/42143 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://osvdb.org/42144 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://osvdb.org/42145 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/26132 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/26215 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/26240 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/26575 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/26939 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://security.gentoo.org/glsa/glsa-200707-09.xml Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2007/dsa-1335 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.mandriva.com/security/advisories?name=MDKSA-2007:170 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2007-0513.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/475257/100/0/threaded Broken Link, Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/24835 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id?1018349 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.ubuntu.com/usn/usn-494-1 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2007/2471 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/35308 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10842 Tool Signature (af854a3a-2127-422b-91ae-364da2661108)