Vulnerability Details : CVE-2006-4519
Multiple integer overflows in the image loader plug-ins in GIMP before 2.2.16 allow user-assisted remote attackers to execute arbitrary code via crafted length values in (1) DICOM, (2) PNM, (3) PSD, (4) PSP, (5) Sun RAS, (6) XBM, and (7) XWD files.
Vulnerability category: Overflow, Execute code
Exploit prediction scoring system (EPSS) score for CVE-2006-4519
Probability of exploitation activity in the next 30 days: 8.41%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 94 %
CVSS scores for CVE-2006-4519
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P | 8.6 | 6.4 | NIST |
CWE ids for CVE-2006-4519
- The product performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2006-4519
- http://www.securityfocus.com/bid/24835 (Third Party Advisory; VDB Entry)
- http://www.redhat.com/support/errata/RHSA-2007-0513.html (Third Party Advisory)
- http://developer.gimp.org/NEWS-2.2 (Broken Link)
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:170 (Broken Link)
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10842 (Tool Signature)
- http://bugzilla.gnome.org/show_bug.cgi?id=451379 (Issue Tracking; Third Party Advisory)
- http://www.securitytracker.com/id?1018349 (Third Party Advisory; VDB Entry)
- http://www.vupen.com/english/advisories/2007/2471 (Broken Link)
- http://www.ubuntu.com/usn/usn-494-1 (Third Party Advisory)
- http://issues.foresightlinux.org/browse/FL-457 (Broken Link)
- http://www.debian.org/security/2007/dsa-1335 (Third Party Advisory)
- http://security.gentoo.org/glsa/glsa-200707-09.xml (Third Party Advisory)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35308 (Third Party Advisory; VDB Entry)
- http://www.securityfocus.com/archive/1/475257/100/0/threaded (Broken Link; Third Party Advisory; VDB Entry)
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=551 (Broken Link)
Products affected by CVE-2006-4519
- cpe:2.3:a:gimp:gimp:*:*:*:*:*:*:*:*