CVE-2006-4519

Sažetak

Multiple integer overflows in the image loader plug-ins in GIMP before 2.2.16 allow user-assisted remote attackers to execute arbitrary code via crafted length values in (1) DICOM, (2) PNM, (3) PSD, (4) PSP, (5) Sun RAS, (6) XBM, and (7) XWD files.

Reference

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=551
http://bugzilla.gnome.org/show_bug.cgi?id=451379
http://developer.gimp.org/NEWS-2.2
http://www.securitytracker.com/id?1018349
http://issues.foresightlinux.org/browse/FL-457
http://www.debian.org/security/2007/dsa-1335
http://security.gentoo.org/glsa/glsa-200707-09.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2007:170
http://www.redhat.com/support/errata/RHSA-2007-0513.html
http://www.ubuntu.com/usn/usn-494-1
http://www.securityfocus.com/bid/24835
http://secunia.com/advisories/26132
http://secunia.com/advisories/26215
http://secunia.com/advisories/26240
http://secunia.com/advisories/26575
http://secunia.com/advisories/26939
http://www.vupen.com/english/advisories/2007/2471
http://osvdb.org/42145
http://osvdb.org/42143
http://osvdb.org/42141
http://osvdb.org/42144
http://osvdb.org/42140
http://osvdb.org/42142
http://osvdb.org/42139
https://exchange.xforce.ibmcloud.com/vulnerabilities/35308
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10842
http://www.securityfocus.com/archive/1/475257/100/0/threaded

CVSS

Base:	6.8
Impact:	6.4
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:M/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

07-02-2022 - 17:56

Objavljeno

10-07-2007 - 18:30