5.1

CVE-2006-3404

EPSS 1.91%
Published 06.07.2006 20:05:00
Last modified 03.04.2025 01:03:51
Source cve@mitre.org
Teams watchlist Login
Open Login

Buffer overflow in the xcf_load_vector function in app/xcf/xcf-load.c for gimp before 2.2.12 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via an XCF file with a large num_axes value in the VECTORS property.

Affected products Warnungen 0 Metrics 2 CWE 1 References 34

Data is provided by the National Vulnerability Database (NVD)

Gimp ≫ Gimp Version < 2.2.12

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.91%	0.825

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.1	4.9	6.4	AV:N/AC:H/Au:N/C:P/I:P/A:P

CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

http://secunia.com/advisories/21459

Broken Link

http://www.novell.com/linux/security/advisories/2006_19_sr.html

Broken Link

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=377049

Third Party Advisory

http://bugzilla.gnome.org/show_bug.cgi?id=346742

Third Party Advisory

Issue Tracking

http://secunia.com/advisories/20976

Broken Link

http://secunia.com/advisories/20979

Broken Link

http://secunia.com/advisories/21069

Broken Link

http://secunia.com/advisories/21104

Broken Link

http://secunia.com/advisories/21170

Broken Link

http://secunia.com/advisories/21182

Broken Link

http://secunia.com/advisories/21198

Broken Link

http://secunia.com/advisories/23044

Broken Link

http://security.gentoo.org/glsa/glsa-200607-08.xml

Third Party Advisory

http://securitytracker.com/id?1016527

Third Party Advisory

Broken Link

VDB Entry

http://sunsolve.sun.com/search/document.do?assetkey=1-26-102720-1

Broken Link

http://sunsolve.sun.com/search/document.do?assetkey=1-66-200070-1

Broken Link

http://www.debian.org/security/2006/dsa-1116

Third Party Advisory

http://www.mandriva.com/security/advisories?name=MDKSA-2006:127

Broken Link

http://www.osvdb.org/27037

Broken Link

http://www.redhat.com/support/errata/RHSA-2006-0598.html

Broken Link

http://www.securityfocus.com/archive/1/440987/100/0/threaded

Third Party Advisory

Broken Link

VDB Entry

http://www.securityfocus.com/archive/1/441012/100/0/threaded

Third Party Advisory

Broken Link

VDB Entry

http://www.securityfocus.com/archive/1/441030/100/0/threaded

Third Party Advisory

Broken Link

VDB Entry

http://www.securityfocus.com/bid/18877

Patch

Third Party Advisory

Broken Link

VDB Entry

http://www.ubuntu.com/usn/usn-312-1

Third Party Advisory

http://www.vupen.com/english/advisories/2006/2703

Broken Link

http://www.vupen.com/english/advisories/2006/4634

Broken Link

https://exchange.xforce.ibmcloud.com/vulnerabilities/27687

Third Party Advisory

VDB Entry

https://issues.rpath.com/browse/RPL-522

Broken Link

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11259

Tool Signature

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5908

Tool Signature

https://nvd.nist.gov/vuln/detail/CVE-2006-3404

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2006-3404

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2006-3404

EUVD