National Cyber Awareness System

Vulnerability Summary for CVE-2006-4519

Overview

Multiple integer overflows in the image loader plug-ins in GIMP before 2.2.16 allow user-assisted remote attackers to execute arbitrary code via crafted length values in (1) DICOM, (2) PNM, (3) PSD, (4) PSP, (5) Sun RAS, (6) XBM, and (7) XWD files.

Impact

CVSS Severity (version 2.0):

CVSS Version 2 Metrics:

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

External Source: VUPEN

Name: ADV-2007-2471

Hyperlink:http://www.vupen.com/english/advisories/2007/2471

External Source: SECTRACK

Name: 1018349

Hyperlink:http://www.securitytracker.com/id?1018349

External Source: OVAL

Name: oval:org.mitre.oval:def:10842

Hyperlink:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10842

External Source: OSVDB

Name: 42145

Hyperlink:http://osvdb.org/42145

External Source: OSVDB

Name: 42144

Hyperlink:http://osvdb.org/42144

External Source: OSVDB

Name: 42143

Hyperlink:http://osvdb.org/42143

External Source: OSVDB

Name: 42142

Hyperlink:http://osvdb.org/42142

External Source: OSVDB

Name: 42141

Hyperlink:http://osvdb.org/42141

External Source: OSVDB

Name: 42140

Hyperlink:http://osvdb.org/42140

External Source: OSVDB

Name: 42139

Hyperlink:http://osvdb.org/42139

External Source: IDEFENSE

Name: 20070709 Multiple Vendor GIMP Multiple Integer Overflow Vulnerabilities

Type: Advisory

Hyperlink:http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=551

External Source: CONFIRM

Name: http://developer.gimp.org/NEWS-2.2

Hyperlink:http://developer.gimp.org/NEWS-2.2

External Source: CONFIRM

Name: http://bugzilla.gnome.org/show_bug.cgi?id=451379

Hyperlink:http://bugzilla.gnome.org/show_bug.cgi?id=451379

External Source: XF

Name: gimp-plugins-code-execution(35308)

Hyperlink:http://xforce.iss.net/xforce/xfdb/35308

External Source: UBUNTU

Name: USN-494-1

Hyperlink:http://www.ubuntu.com/usn/usn-494-1

External Source: BID

Name: 24835

Hyperlink:http://www.securityfocus.com/bid/24835

External Source: BUGTRAQ

Name: 20070801 FLEA-2007-0038-1 gimp

Hyperlink:http://www.securityfocus.com/archive/1/archive/1/475257/100/0/threaded

External Source: REDHAT

Name: RHSA-2007:0513

Hyperlink:http://www.redhat.com/support/errata/RHSA-2007-0513.html

External Source: MANDRIVA

Name: MDKSA-2007:170

Hyperlink:http://www.mandriva.com/security/advisories?name=MDKSA-2007:170

External Source: DEBIAN

Name: DSA-1335

Hyperlink:http://www.debian.org/security/2007/dsa-1335

External Source: GENTOO

Name: GLSA-200707-09

Hyperlink:http://security.gentoo.org/glsa/glsa-200707-09.xml

External Source: SECUNIA

Name: 26939

Hyperlink:http://secunia.com/advisories/26939

External Source: SECUNIA

Name: 26575

Hyperlink:http://secunia.com/advisories/26575

External Source: SECUNIA

Name: 26240

Hyperlink:http://secunia.com/advisories/26240

External Source: SECUNIA

Name: 26215

Hyperlink:http://secunia.com/advisories/26215

External Source: SECUNIA

Name: 26132

Hyperlink:http://secunia.com/advisories/26132

External Source: CONFIRM

Name: http://issues.foresightlinux.org/browse/FL-457

Hyperlink:http://issues.foresightlinux.org/browse/FL-457

References to Check Content

Identifier:oval:org.mitre.oval:def:10842

Check System:http://oval.mitre.org/XMLSchema/oval-definitions-5

Hyperlink:http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:10842