CVE-2006-3404

Properties

Published:
05.07.2006
Updated:
28.08.2006
Patch available:
Severity:
Medium
CVSS vector:
(AV:R/AC:H/Au:NR/C:P/I:P/A:P/B:N)
Product:
The GIMP Team: GIMP
The GIMP Team: GIMP
The GIMP Team: GIMP
The GIMP Team: GIMP
The GIMP Team: GIMP

Vulnerability description

Buffer overflow in the xcf_load_vector function in app/xcf/xcf-load.c for gimp before 2.2.12 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via an XCF file with a large num_axes value in the VECTORS property.

References:

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=377049: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=377049
http://bugzilla.gnome.org/show_bug.cgi?id=346742: http://bugzilla.gnome.org/show_bug.cgi?id=346742
UBUNTU: http://www.ubuntu.com/usn/usn-312-1
BID: http://www.securityfocus.com/bid/18877
FRSIRT: http://www.frsirt.com/english/advisories/2006/2703
OSVDB: http://www.osvdb.org/27037
SECUNIA: http://secunia.com/advisories/20976
SECUNIA: http://secunia.com/advisories/20979
XF: http://xforce.iss.net/xforce/xfdb/27687
MANDRIVA: http://frontal2.mandriva.com/security/advisories?name=MDKSA-2006:127
REDHAT: http://www.redhat.com/support/errata/RHSA-2006-0598.html
SECTRACK: http://securitytracker.com/id?1016527
SECUNIA: http://secunia.com/advisories/21069
SECUNIA: http://secunia.com/advisories/21104
BUGTRAQ: http://www.securityfocus.com/archive/1/archive/1/441030/100/0/threaded
https://issues.rpath.com/browse/RPL-522: https://issues.rpath.com/browse/RPL-522
DEBIAN: http://www.debian.org/security/2006/dsa-1116
GENTOO: http://security.gentoo.org/glsa/glsa-200607-08.xml
SECUNIA: http://secunia.com/advisories/21170
SECUNIA: http://secunia.com/advisories/21182
SECUNIA: http://secunia.com/advisories/21198
BUGTRAQ: http://www.securityfocus.com/archive/1/archive/1/441012/100/0/threaded
BUGTRAQ: http://www.securityfocus.com/archive/1/archive/1/440987/100/0/threaded
SUSE: http://www.novell.com/linux/security/advisories/2006_19_sr.html