ID CVE-2006-3404
Summary Buffer overflow in the xcf_load_vector function in app/xcf/xcf-load.c for gimp before 2.2.12 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via an XCF file with a large num_axes value in the VECTORS property.
References
Vulnerable Configurations
  • cpe:2.3:a:the_gimp_team:gimp:2.2.6
  • cpe:2.3:a:the_gimp_team:gimp:2.2.8
  • cpe:2.3:a:the_gimp_team:gimp:2.2.9
  • cpe:2.3:a:the_gimp_team:gimp:2.2.11
  • cpe:2.3:a:the_gimp_team:gimp:2.3.9
CVSS
Base: 5.1 (as of 10-07-2006 - 11:58)
Impact:
Exploitability:
Access
  • Vector: NETWORK
  • Complexity: HIGH
  • Authentication: NONE
Impact
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL
  • Availability: PARTIAL
nessus via4
  • NASL family SuSE Local Security Checks
    NASL id SUSE_GIMP-UNSTABLE-1919.NASL
    description A buffer overflow was fixed in the xcf loader in GIMP that allows user-complicit attackers to cause a denial of service (crash) and possibly execute arbitrary code via an XCF file with a large num_axes value in the VECTORS property. (CVE-2006-3404)
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 27238
    published 2007-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27238
    title openSUSE 10 Security Update : gimp-unstable (gimp-unstable-1919)
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_122212-46.NASL
    description GNOME 2.6.0: GNOME Desktop Patch. Date this patch was last updated by Sun : Nov/10/12
    last seen 2019-01-19
    modified 2019-01-18
    plugin id 107378
    published 2018-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107378
    title Solaris 10 (sparc) : 122212-46
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200607-08.NASL
    description The remote host is affected by the vulnerability described in GLSA-200607-08 (GIMP: Buffer overflow) Henning Makholm discovered that the 'xcf_load_vector()' function is vulnerable to a buffer overflow when loading an XCF file with a large 'num_axes' value. Impact : An attacker could exploit this issue to execute arbitrary code by enticing a user to open a specially crafted XCF file. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-11
    plugin id 22106
    published 2006-07-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22106
    title GLSA-200607-08 : GIMP: Buffer overflow
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_X86_122213-46.NASL
    description GNOME 2.6.0_x86: GNOME Desktop Patch. Date this patch was last updated by Sun : Nov/10/12
    last seen 2019-01-19
    modified 2019-01-18
    plugin id 107880
    published 2018-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107880
    title Solaris 10 (x86) : 122213-46
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2006-0598.NASL
    description Updated gimp packages that fix a security issue are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The GIMP (GNU Image Manipulation Program) is an image composition and editing program. Henning Makholm discovered a buffer overflow bug in The GIMP XCF file loader. An attacker could create a carefully crafted image that could execute arbitrary code if opened by a victim. (CVE-2006-3404) Please note that this issue did not affect the gimp packages in Red Hat Enterprise Linux 2.1, or 3. Users of The GIMP should update to these erratum packages which contain a backported fix to correct this issue.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 22067
    published 2006-07-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22067
    title CentOS 4 : gimp (CESA-2006:0598)
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2006-207-03.NASL
    description New gimp packages are available for Slackware 10.2 and -current to fix a possible security issue.
    last seen 2019-02-21
    modified 2015-03-19
    plugin id 22100
    published 2006-07-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22100
    title Slackware 10.2 / current : gimp (SSA:2006-207-03)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-312-1.NASL
    description Henning Makholm discovered that gimp did not sufficiently validate the 'num_axes' parameter in XCF files. By tricking a user into opening a specially crafted XCF file with Gimp, an attacker could exploit this to execute arbitrary code with the user's privileges. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 27887
    published 2007-11-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27887
    title Ubuntu 5.04 / 5.10 / 6.06 LTS : gimp vulnerability (USN-312-1)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2006-127.NASL
    description A buffer overflow in the xcf_load_vector function in app/xcf/xcf-load.c for gimp 2.2.x allows user-complicit attackers to cause a denial of service (crash) and possibly execute arbitrary code via an XCF file with a large num_axes value in the VECTORS property. Updated packages have been patched to correct this issue.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 23878
    published 2006-12-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=23878
    title Mandrake Linux Security Advisory : gimp (MDKSA-2006:127)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2006-0598.NASL
    description Updated gimp packages that fix a security issue are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The GIMP (GNU Image Manipulation Program) is an image composition and editing program. Henning Makholm discovered a buffer overflow bug in The GIMP XCF file loader. An attacker could create a carefully crafted image that could execute arbitrary code if opened by a victim. (CVE-2006-3404) Please note that this issue did not affect the gimp packages in Red Hat Enterprise Linux 2.1, or 3. Users of The GIMP should update to these erratum packages which contain a backported fix to correct this issue.
    last seen 2019-02-21
    modified 2018-11-16
    plugin id 22071
    published 2006-07-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22071
    title RHEL 4 : gimp (RHSA-2006:0598)
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_122212.NASL
    description GNOME 2.6.0: GNOME Desktop Patch. Date this patch was last updated by Sun : Nov/10/12 This plugin has been deprecated and either replaced with individual 122212 patch-revision plugins, or deemed non-security related.
    last seen 2019-02-21
    modified 2018-07-30
    plugin id 22970
    published 2006-11-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22970
    title Solaris 10 (sparc) : 122212-46 (deprecated)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_GIMP-1921.NASL
    description A buffer overflow was fixed in the xcf loader in GIMP that allows user-complicit attackers to cause a denial of service (crash) and possibly execute arbitrary code via an XCF file with a large num_axes value in the VECTORS property. (CVE-2006-3404)
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 27234
    published 2007-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27234
    title openSUSE 10 Security Update : gimp (gimp-1921)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1116.NASL
    description Henning Makholm discovered a buffer overflow in the XCF loading code of Gimp, an image editing program. Opening a specially crafted XCF image might cause the application to execute arbitrary code.
    last seen 2019-02-21
    modified 2018-08-09
    plugin id 22658
    published 2006-10-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22658
    title Debian DSA-1116-1 : gimp - buffer overflow
  • NASL family SuSE Local Security Checks
    NASL id SUSE_GIMP-1920.NASL
    description A buffer overflow was fixed in the xcf loader in GIMP that allows user-complicit attackers to cause a denial of service (crash) and possibly execute arbitrary code via an XCF file with a large num_axes value in the VECTORS property. (CVE-2006-3404)
    last seen 2019-02-21
    modified 2012-05-17
    plugin id 29441
    published 2007-12-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=29441
    title SuSE 10 Security Update : gimp (ZYPP Patch Number 1920)
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_X86_122213.NASL
    description GNOME 2.6.0_x86: GNOME Desktop Patch. Date this patch was last updated by Sun : Nov/10/12 This plugin has been deprecated and either replaced with individual 122213 patch-revision plugins, or deemed non-security related.
    last seen 2019-02-21
    modified 2018-07-30
    plugin id 23000
    published 2006-11-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=23000
    title Solaris 10 (x86) : 122213-46 (deprecated)
oval via4
  • accepted 2013-04-29T04:12:44.806-04:00
    class vulnerability
    contributors
    • name Aharon Chernin
      organization SCAP.com, LLC
    • name Dragos Prisaca
      organization G2, Inc.
    definition_extensions
    • comment The operating system installed on the system is Red Hat Enterprise Linux 4
      oval oval:org.mitre.oval:def:11831
    • comment CentOS Linux 4.x
      oval oval:org.mitre.oval:def:16636
    • comment Oracle Linux 4.x
      oval oval:org.mitre.oval:def:15990
    description Buffer overflow in the xcf_load_vector function in app/xcf/xcf-load.c for gimp before 2.2.12 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via an XCF file with a large num_axes value in the VECTORS property.
    family unix
    id oval:org.mitre.oval:def:11259
    status accepted
    submitted 2010-07-09T03:56:16-04:00
    title Buffer overflow in the xcf_load_vector function in app/xcf/xcf-load.c for gimp before 2.2.12 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via an XCF file with a large num_axes value in the VECTORS property.
    version 24
  • accepted 2008-10-20T04:00:25.426-04:00
    class vulnerability
    contributors
    • name Pai Peng
      organization Hewlett-Packard
    definition_extensions
    • comment Solaris 10 (SPARC) is installed
      oval oval:org.mitre.oval:def:1440
    • comment Solaris 10 (x86) is installed
      oval oval:org.mitre.oval:def:1926
    description Buffer overflow in the xcf_load_vector function in app/xcf/xcf-load.c for gimp before 2.2.12 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via an XCF file with a large num_axes value in the VECTORS property.
    family unix
    id oval:org.mitre.oval:def:5908
    status accepted
    submitted 2008-09-09T10:55:30.000-04:00
    title Security Vulnerability in GIMP(1) May Lead to Denial of Service (DoS) or Execution of Arbitrary Code
    version 32
redhat via4
advisories
bugzilla
id 198269
title CVE-2006-3404 gimp xcf buffer overflow
oval
AND
comment Red Hat Enterprise Linux 4 is installed
oval oval:com.redhat.rhba:tst:20070304001
rhsa
id RHSA-2006:0598
released 2006-07-18
severity Moderate
title RHSA-2006:0598: gimp security update (Moderate)
refmap via4
bid 18877
bugtraq
  • 20060724 ERRATA: [ GLSA 200607-08 ] GIMP: Buffer overflow
  • 20060724 Re: [ GLSA 200607-08 ] GIMP: Buffer overflow
  • 20060724 rPSA-2006-0135-1 gimp
confirm
debian DSA-1116
gentoo GLSA-200607-08
mandriva MDKSA-2006:127
misc http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=377049
osvdb 27037
sectrack 1016527
secunia
  • 20976
  • 20979
  • 21069
  • 21104
  • 21170
  • 21182
  • 21198
  • 21459
  • 23044
sunalert
  • 102720
  • 200070
suse SUSE-SR:2006:019
ubuntu USN-312-1
vupen
  • ADV-2006-2703
  • ADV-2006-4634
xf gimp-xcfloadvector-bo(27687)
Last major update 07-03-2011 - 21:38
Published 06-07-2006 - 16:05
Last modified 18-10-2018 - 12:47