ID CVE-2006-3005
Summary The JPEG library in media-libs/jpeg before 6b-r7 on Gentoo Linux is built without the -maxmem feature, which could allow context-dependent attackers to cause a denial of service (memory exhaustion) via a crafted JPEG file that exceeds the intended memory limits.
References
Vulnerable Configurations
  • Gentoo media-libs_jpeg 6b r2
    cpe:2.3:a:gentoo:media-libs_jpeg:6b:r2
  • Gentoo media-libs_jpeg 6b r3
    cpe:2.3:a:gentoo:media-libs_jpeg:6b:r3
  • Gentoo media-libs_jpeg 6b r4
    cpe:2.3:a:gentoo:media-libs_jpeg:6b:r4
  • Gentoo media-libs_jpeg 6b r5
    cpe:2.3:a:gentoo:media-libs_jpeg:6b:r5
  • Gentoo media-libs_jpeg 6b r6
    cpe:2.3:a:gentoo:media-libs_jpeg:6b:r6
  • Gentoo Linux
    cpe:2.3:o:gentoo:linux
CVSS
Base: 5.0 (as of 14-06-2006 - 07:16)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
nessus via4
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200606-11.NASL
    description The remote host is affected by the vulnerability described in GLSA-200606-11 (JPEG library: Denial of Service) Tavis Ormandy of the Gentoo Linux Auditing Team discovered that the vulnerable JPEG library ebuilds compile JPEG without the --maxmem feature which is not recommended. Impact : By enticing a user to load a specially crafted JPEG image file an attacker could cause a Denial of Service, due to memory exhaustion. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-08-10
    plugin id 21704
    published 2006-06-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21704
    title GLSA-200606-11 : JPEG library: Denial of Service
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201412-08.NASL
    description The remote host is affected by the vulnerability described in GLSA-201412-08 (Multiple packages, Multiple vulnerabilities fixed in 2010) Vulnerabilities have been discovered in the packages listed below. Please review the CVE identifiers in the Reference section for details. Insight Perl Tk Module Source-Navigator Tk Partimage Mlmmj acl Xinit gzip ncompress liblzw splashutils GNU M4 KDE Display Manager GTK+ KGet dvipng Beanstalk Policy Mount pam_krb5 GNU gv LFTP Uzbl Slim Bitdefender Console iputils DVBStreamer Impact : A context-dependent attacker may be able to gain escalated privileges, execute arbitrary code, cause Denial of Service, obtain sensitive information, or otherwise bypass security restrictions. Workaround : There are no known workarounds at this time.
    last seen 2019-02-21
    modified 2018-12-05
    plugin id 79961
    published 2014-12-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79961
    title GLSA-201412-08 : Multiple packages, Multiple vulnerabilities fixed in 2010
refmap via4
confirm http://bugs.gentoo.org/show_bug.cgi?id=130889
gentoo GLSA-200606-11
osvdb 26317
secunia 20563
xf jpeg-medialibs-dos(31451)
statements via4
contributor Mark J Cox
lastmodified 2006-08-24
organization Red Hat
statement Red Hat does not consider this a security issue. It is expected behavior that a large input file will cause the processing program to use a large amount of memory.
Last major update 05-09-2008 - 17:06
Published 13-06-2006 - 06:02
Last modified 19-07-2017 - 21:31
Back to Top