ID CVE-2006-4519
Summary Multiple integer overflows in the image loader plug-ins in GIMP before 2.2.16 allow user-assisted remote attackers to execute arbitrary code via crafted length values in (1) DICOM, (2) PNM, (3) PSD, (4) PSP, (5) Sun RAS, (6) XBM, and (7) XWD files.
References
Vulnerable Configurations
  • cpe:2.3:a:the_gimp_team:gimp:2.2.3
  • cpe:2.3:a:the_gimp_team:gimp:2.2.4
  • cpe:2.3:a:the_gimp_team:gimp:2.2.6
  • cpe:2.3:a:the_gimp_team:gimp:2.2.8
  • cpe:2.3:a:the_gimp_team:gimp:2.2.9
  • cpe:2.3:a:the_gimp_team:gimp:2.2.10
  • cpe:2.3:a:the_gimp_team:gimp:2.2.11
  • cpe:2.3:a:the_gimp_team:gimp:2.2.12
  • cpe:2.3:a:the_gimp_team:gimp:2.2.14
  • cpe:2.3:a:the_gimp_team:gimp:2.2.15
CVSS
Base: 6.8 (as of 11-07-2007 - 08:42)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
  • Vector NETWORK
  • Complexity MEDIUM
  • Authentication NONE
Impact
  • Confidentiality PARTIAL
  • Integrity PARTIAL
  • Availability PARTIAL
nessus via4
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200707-09.NASL
    description The remote host is affected by the vulnerability described in GLSA-200707-09 (GIMP: Multiple integer overflows) Sean Larsson from iDefense Labs discovered multiple integer overflows in various GIMP plugins (CVE-2006-4519). Stefan Cornelius from Secunia Research discovered an integer overflow in the seek_to_and_unpack_pixeldata() function when processing PSD files (CVE-2007-2949). Impact : A remote attacker could entice a user to open a specially crafted image file, possibly resulting in the execution of arbitrary code with the privileges of the user running GIMP. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-08-10
    plugin id 25791
    published 2007-07-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25791
    title GLSA-200707-09 : GIMP: Multiple integer overflows
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1335.NASL
    description Several remote vulnerabilities have been discovered in Gimp, the GNU Image Manipulation Program, which might lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2006-4519 Sean Larsson discovered several integer overflows in the processing code for DICOM, PNM, PSD, RAS, XBM and XWD images, which might lead to the execution of arbitrary code if a user is tricked into opening such a malformed media file. - CVE-2007-2949 Stefan Cornelius discovered an integer overflow in the processing code for PSD images, which might lead to the execution of arbitrary code if a user is tricked into opening such a malformed media file.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 25744
    published 2007-07-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25744
    title Debian DSA-1335-1 : gimp - several vulnerabilities
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2007-0513.NASL
    description From Red Hat Security Advisory 2007:0513 : Updated gimp packages that fix several security issues are now available for Red Hat Enterprise Linux. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The GIMP (GNU Image Manipulation Program) is an image composition and editing program. Multiple integer overflow and input validation flaws were found in The GIMP's image loaders. An attacker could create a carefully crafted image file that could cause The GIMP to crash or possibly execute arbitrary code if the file was opened by a victim. (CVE-2006-4519, CVE-2007-2949, CVE-2007-3741) Users of The GIMP should update to these erratum packages, which contain a backported fix to correct these issues.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 67527
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67527
    title Oracle Linux 3 / 4 / 5 : gimp (ELSA-2007-0513)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-494-1.NASL
    description Sean Larsson discovered multiple integer overflows in Gimp. By tricking a user into opening a specially crafted DICOM, PNM, PSD, PSP, RAS, XBM, or XWD image, a remote attacker could exploit this to execute arbitrary code with the user's privileges. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 28096
    published 2007-11-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=28096
    title Ubuntu 6.06 LTS / 6.10 / 7.04 : gimp vulnerability (USN-494-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_GIMP-3993.NASL
    description Multiple gimp import filters contained integer overflows. Attackers could exploit that to potentially execute code by tricking users into opening specially crafted files. (CVE-2006-4519)
    last seen 2019-02-21
    modified 2012-05-17
    plugin id 29444
    published 2007-12-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=29444
    title SuSE 10 Security Update : gimp (ZYPP Patch Number 3993)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20070926_GIMP_ON_SL5_X.NASL
    description Multiple integer overflow and input validation flaws were found in The GIMP's image loaders. An attacker could create a carefully crafted image file that could cause The GIMP to crash or possibly execute arbitrary code if the file was opened by a victim. (CVE-2006-4519, CVE-2007-2949, CVE-2007-3741)
    last seen 2019-02-21
    modified 2019-01-07
    plugin id 60256
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60256
    title Scientific Linux Security Update : gimp on SL5.x, SL4.x, SL3.x i386/x86_64
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2007-170.NASL
    description Multiple integer overflows in the image loader plug-ins in GIMP before 2.2.16 allow user-assisted remote attackers to execute arbitrary code via crafted length values in (1) DICOM, (2) PNM, (3) PSD, (4) PSP, (5) Sun RAS, (6) XBM, and (7) XWD files. (CVE-2006-4519) Integer overflow in the seek_to_and_unpack_pixeldata function in the psd.c plugin in Gimp 2.2.15 allows remote attackers to execute arbitrary code via a crafted PSD file that contains a large (1) width or (2) height value. (CVE-2007-2949) Victor Stinner has discovered several flaws in file plug-ins using his fuzzyfier tool fusil. Several modified image files cause the plug-ins to crash or consume excessive amounts of memory due to insufficient input validation. Affected plug-ins: bmp, pcx, psd, psp (*.tub). (CVE-2007-3741) Updated packages have been patched to prevent these issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 25947
    published 2007-08-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25947
    title Mandrake Linux Security Advisory : gimp (MDKSA-2007:170)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_GIMP-3995.NASL
    description Multiple gimp import filters contained integer overflows. Attackers could exploit that to potentially execute code by tricking users into opening specially crafted files (CVE-2006-4519).
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 27237
    published 2007-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27237
    title openSUSE 10 Security Update : gimp (gimp-3995)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2007-0513.NASL
    description Updated gimp packages that fix several security issues are now available for Red Hat Enterprise Linux. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The GIMP (GNU Image Manipulation Program) is an image composition and editing program. Multiple integer overflow and input validation flaws were found in The GIMP's image loaders. An attacker could create a carefully crafted image file that could cause The GIMP to crash or possibly execute arbitrary code if the file was opened by a victim. (CVE-2006-4519, CVE-2007-2949, CVE-2007-3741) Users of The GIMP should update to these erratum packages, which contain a backported fix to correct these issues.
    last seen 2019-02-21
    modified 2018-11-16
    plugin id 26189
    published 2007-09-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=26189
    title RHEL 2.1 / 3 / 4 / 5 : gimp (RHSA-2007:0513)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2007-0513.NASL
    description Updated gimp packages that fix several security issues are now available for Red Hat Enterprise Linux. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The GIMP (GNU Image Manipulation Program) is an image composition and editing program. Multiple integer overflow and input validation flaws were found in The GIMP's image loaders. An attacker could create a carefully crafted image file that could cause The GIMP to crash or possibly execute arbitrary code if the file was opened by a victim. (CVE-2006-4519, CVE-2007-2949, CVE-2007-3741) Users of The GIMP should update to these erratum packages, which contain a backported fix to correct these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 26203
    published 2007-10-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=26203
    title CentOS 3 / 4 / 5 : gimp (CESA-2007:0513)
oval via4
accepted 2013-04-29T04:09:16.111-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 3
    oval oval:org.mitre.oval:def:11782
  • comment CentOS Linux 3.x
    oval oval:org.mitre.oval:def:16651
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
  • comment The operating system installed on the system is Red Hat Enterprise Linux 5
    oval oval:org.mitre.oval:def:11414
  • comment The operating system installed on the system is CentOS Linux 5.x
    oval oval:org.mitre.oval:def:15802
  • comment Oracle Linux 5.x
    oval oval:org.mitre.oval:def:15459
description Multiple integer overflows in the image loader plug-ins in GIMP before 2.2.16 allow user-assisted remote attackers to execute arbitrary code via crafted length values in (1) DICOM, (2) PNM, (3) PSD, (4) PSP, (5) Sun RAS, (6) XBM, and (7) XWD files.
family unix
id oval:org.mitre.oval:def:10842
status accepted
submitted 2010-07-09T03:56:16-04:00
title Multiple integer overflows in the image loader plug-ins in GIMP before 2.2.16 allow user-assisted remote attackers to execute arbitrary code via crafted length values in (1) DICOM, (2) PNM, (3) PSD, (4) PSP, (5) Sun RAS, (6) XBM, and (7) XWD files.
version 25
redhat via4
advisories
rhsa
id RHSA-2007:0513
rpms
  • gimp-1:1.2.3-20.9.el3
  • gimp-devel-1:1.2.3-20.9.el3
  • gimp-perl-1:1.2.3-20.9.el3
  • gimp-1:2.0.5-7.0.7.el4
  • gimp-devel-1:2.0.5-7.0.7.el4
  • gimp-2:2.2.13-2.0.7.el5
  • gimp-devel-2:2.2.13-2.0.7.el5
  • gimp-libs-2:2.2.13-2.0.7.el5
refmap via4
bid 24835
bugtraq 20070801 FLEA-2007-0038-1 gimp
confirm
debian DSA-1335
gentoo GLSA-200707-09
idefense 20070709 Multiple Vendor GIMP Multiple Integer Overflow Vulnerabilities
mandriva MDKSA-2007:170
osvdb
  • 42139
  • 42140
  • 42141
  • 42142
  • 42143
  • 42144
  • 42145
sectrack 1018349
secunia
  • 26132
  • 26215
  • 26240
  • 26575
  • 26939
ubuntu USN-494-1
vupen ADV-2007-2471
xf gimp-plugins-code-execution(35308)
Last major update 05-11-2012 - 22:19
Published 10-07-2007 - 14:30
Last modified 17-10-2018 - 17:37