CVE-2006-4519

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 10-07-2007 08:30

Last modified: - 07-02-2022 06:56

Total changes: - 2

Description

Multiple integer overflows in the image loader plug-ins in GIMP before 2.2.16 allow user-assisted remote attackers to execute arbitrary code via crafted length values in (1) DICOM, (2) PNM, (3) PSD, (4) PSP, (5) Sun RAS, (6) XBM, and (7) XWD files.

Common Vulnerability Scoring System (CVSS)

AV:N/AC:M/Au:N/C:P/I:P/A:P

Low

Attack complexity

Network

Attack vector

Low

Availability

Low

Confidentiality

Low

Integrity

Privileges required

Scope

User interaction

6.8

Base score

8.6

6.4

Exploitability score

Impact score

Verification logic

vendor=gimp AND product=gimp AND versionEndExcluding=2.2.16

Reference

20070709 Multiple Vendor GIMP Multiple Integer Overflow Vulnerabilities-Broken Link
http://bugzilla.gnome.org/show_bug.cgi?id=451379
http://developer.gimp.org/NEWS-2.2
1018349-Third Party Advisory, VDB Entry
http://issues.foresightlinux.org/browse/FL-457
DSA-1335-Third Party Advisory
GLSA-200707-09-Third Party Advisory
MDKSA-2007:170-Broken Link
RHSA-2007:0513-Third Party Advisory
USN-494-1-Third Party Advisory
24835-Third Party Advisory, VDB Entry
26132-Broken Link
26215-Broken Link
26240-Broken Link
26575-Broken Link
26939-Broken Link
ADV-2007-2471-Broken Link
42145-Broken Link
42143-Broken Link
42141-Broken Link
42144-Broken Link
42140-Broken Link
42142-Broken Link
42139-Broken Link
gimp-plugins-code-execution(35308)-Third Party Advisory, VDB Entry
oval:org.mitre.oval:def:10842-Tool Signature
20070801 FLEA-2007-0038-1 gimp-Broken Link, Third Party Advisory, VDB Entry

Keywords

CVE-2006-4519

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2006-4519

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures