CVE-2006-3404

 

Published at: - 06-07-2006 10:05

Last modified: - 07-02-2022 06:27

Total changes: - 2

Description

Buffer overflow in the xcf_load_vector function in app/xcf/xcf-load.c for gimp before 2.2.12 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via an XCF file with a large num_axes value in the VECTORS property.

Common Vulnerability Scoring System (CVSS)

AV:N/AC:H/Au:N/C:P/I:P/A:P

 

Verification logic

 

Reference

• http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=377049
• http://bugzilla.gnome.org/show_bug.cgi?id=346742
• USN-312-1-Third Party Advisory
• 18877-Broken Link, Patch, Third Party Advisory, VDB Entry
• 27037-Broken Link
• 20976-Broken Link
• 20979-Broken Link
• RHSA-2006:0598-Broken Link
• 1016527-Broken Link, Third Party Advisory, VDB Entry
• 21069-Broken Link
• 21104-Broken Link
• https://issues.rpath.com/browse/RPL-522
• DSA-1116-Third Party Advisory
• GLSA-200607-08-Third Party Advisory
• 21170-Broken Link
• 21182-Broken Link
• 21198-Broken Link
• SUSE-SR:2006:019-Broken Link
• 102720-Broken Link
• 23044-Broken Link
• 21459-Broken Link
• MDKSA-2006:127-Broken Link
• 200070-Broken Link
• ADV-2006-2703-Broken Link
• ADV-2006-4634-Broken Link
• gimp-xcfloadvector-bo(27687)-Third Party Advisory, VDB Entry
• oval:org.mitre.oval:def:5908-Tool Signature
• oval:org.mitre.oval:def:11259-Tool Signature
• 20060724 rPSA-2006-0135-1 gimp-Broken Link, Third Party Advisory, VDB Entry
• 20060724 ERRATA: [ GLSA 200607-08 ] GIMP: Buffer overflow-Broken Link, Third Party Advisory, VDB Entry
• 20060724 Re: [ GLSA 200607-08 ] GIMP: Buffer overflow-Broken Link, Third Party Advisory, VDB Entry

 

Keywords

NVD

 

CVE-2006-3404

 

CVE

 

Common vulnerabilities & exposures

 

CVSS

 

Common vulnerability scoring system

 

Security

 

Vulnerabilities

 

Exposures