CVSS: 4.3EPSS: 1%CPEs: 2EXPL: 0CVE-2007-3741 – Gimp image loader multiple input validation flaws
https://notcve.org/view.php?id=CVE-2007-3741
The (1) psp (aka .tub), (2) bmp, (3) pcx, and (4) psd plugins in gimp allow user-assisted remote attackers to cause a denial of service (crash or memory consumption) via crafted image files, as discovered using the fusil fuzzing tool. Las extensiones 1) psp (también conocida como .tub), (2) bmp, (3) pcx, y (4) psd en gimp permite a atacantes remotos con la intervención del usuario provocar denegación de servicio (caida o cosumo de memoria) a través de archivos de imagen manipuladas, como se descubrió utilizando la herramienta fusil fuzzing. • http://osvdb.org/42128 http://osvdb.org/42129 http://osvdb.org/42130 http://osvdb.org/42131 http://secunia.com/advisories/26575 http://secunia.com/advisories/26939 http://www.mandriva.com/security/advisories?name=MDKSA-2007:170 http://www.redhat.com/support/errata/RHSA-2007-0513.html http://www.securityfocus.com/bid/25424 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10099 https://access.redhat.com/security/cve/CVE-2007-3741 ht • CWE-20: Improper Input Validation •
CVSS: 2.1EPSS: 0%CPEs: 7EXPL: 0CVE-2005-3181
https://notcve.org/view.php?id=CVE-2005-3181
The audit system in Linux kernel 2.6.6, and other versions before 2.6.13.4, when CONFIG_AUDITSYSCALL is enabled, uses an incorrect function to free names_cache memory, which prevents the memory from being tracked by AUDITSYSCALL code and leads to a memory leak that allows attackers to cause a denial of service (memory consumption). • http://kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=829841146878e082613a49581ae252c071057c23 http://linux.bkbits.net:8080/linux-2.6/cset%404346883bQBeBd26syWTKX2CVC5bDcA http://secunia.com/advisories/17114 http://secunia.com/advisories/17280 http://secunia.com/advisories/17364 http://secunia.com/advisories/17826 http://secunia.com/advisories/17917 http://secunia.com/advisories/19374 http://www.debian.org/security/2006/dsa-1017 http://www.mandriva.com/security& • CWE-401: Missing Release of Memory after Effective Lifetime •