// For flags

CVE-2006-4519

GIMP multiple image loader integer overflows

Severity Score

6.8
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Multiple integer overflows in the image loader plug-ins in GIMP before 2.2.16 allow user-assisted remote attackers to execute arbitrary code via crafted length values in (1) DICOM, (2) PNM, (3) PSD, (4) PSP, (5) Sun RAS, (6) XBM, and (7) XWD files.

Múltiples desbordamientos de búfer de entero en la extensión del cargador de imagen en GIMP anterior a 2.2.16 permite a atacantes remotos con la intervención del usuario ejecutar código de su elección a través de valores de longitud manipulados en archivos (1) DICOM, (2) PNM, (3) PSD, (4) PSP, (5) Sun RAS, (6) XBM, y (7) XWD.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2006-08-31 CVE Reserved
  • 2007-07-10 CVE Published
  • 2024-06-20 EPSS Updated
  • 2024-08-07 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-190: Integer Overflow or Wraparound
CAPEC
References (29)
URL Tag Source
http://bugzilla.gnome.org/show_bug.cgi?id=451379 Issue Tracking
http://developer.gimp.org/NEWS-2.2 Broken Link
http://issues.foresightlinux.org/browse/FL-457 Broken Link
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=551 Broken Link
http://osvdb.org/42139 Broken Link
http://osvdb.org/42140 Broken Link
http://osvdb.org/42141 Broken Link
http://osvdb.org/42142 Broken Link
http://osvdb.org/42143 Broken Link
http://osvdb.org/42144 Broken Link
http://osvdb.org/42145 Broken Link
http://secunia.com/advisories/26132 Broken Link
http://secunia.com/advisories/26215 Broken Link
http://secunia.com/advisories/26240 Broken Link
http://secunia.com/advisories/26575 Broken Link
http://secunia.com/advisories/26939 Broken Link
http://www.securityfocus.com/archive/1/475257/100/0/threaded Broken Link
http://www.securityfocus.com/bid/24835 Third Party Advisory
http://www.securitytracker.com/id?1018349 Third Party Advisory
http://www.vupen.com/english/advisories/2007/2471 Broken Link
https://exchange.xforce.ibmcloud.com/vulnerabilities/35308 Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10842 Signature
URL Date SRC
URL Date SRC
URL Date SRC
http://security.gentoo.org/glsa/glsa-200707-09.xml 2022-02-07
http://www.debian.org/security/2007/dsa-1335 2022-02-07
http://www.mandriva.com/security/advisories?name=MDKSA-2007:170 2022-02-07
http://www.redhat.com/support/errata/RHSA-2007-0513.html 2022-02-07
http://www.ubuntu.com/usn/usn-494-1 2022-02-07
https://access.redhat.com/security/cve/CVE-2006-4519 2007-09-26
https://bugzilla.redhat.com/show_bug.cgi?id=247565 2007-09-26
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Gimp
Search vendor "Gimp"
 Gimp
Search vendor "Gimp" for product "Gimp"
 < 2.2.16
Search vendor "Gimp" for product "Gimp" and version " < 2.2.16"
-
Affected