5.1

CVE-2006-3404

Buffer overflow in the xcf_load_vector function in app/xcf/xcf-load.c for gimp before 2.2.12 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via an XCF file with a large num_axes value in the VECTORS property.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GimpGimp Version < 2.2.12
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 5.04% 0.912
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.1 4.9 6.4
AV:N/AC:H/Au:N/C:P/I:P/A:P
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.

http://secunia.com/advisories/21459
Broken Link
http://www.novell.com/linux/security/advisories/2006_19_sr.html
Broken Link
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=377049
Third Party Advisory
http://bugzilla.gnome.org/show_bug.cgi?id=346742
Third Party Advisory
Issue Tracking
http://secunia.com/advisories/20976
Broken Link
http://secunia.com/advisories/20979
Broken Link
http://secunia.com/advisories/21069
Broken Link
http://secunia.com/advisories/21104
Broken Link
http://secunia.com/advisories/21170
Broken Link
http://secunia.com/advisories/21182
Broken Link
http://secunia.com/advisories/21198
Broken Link
http://secunia.com/advisories/23044
Broken Link
http://security.gentoo.org/glsa/glsa-200607-08.xml
Third Party Advisory
http://securitytracker.com/id?1016527
Third Party Advisory
Broken Link
VDB Entry
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102720-1
Broken Link
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200070-1
Broken Link
http://www.debian.org/security/2006/dsa-1116
Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2006:127
Broken Link
http://www.osvdb.org/27037
Broken Link
http://www.redhat.com/support/errata/RHSA-2006-0598.html
Broken Link
http://www.securityfocus.com/archive/1/440987/100/0/threaded
Third Party Advisory
Broken Link
VDB Entry
http://www.securityfocus.com/archive/1/441012/100/0/threaded
Third Party Advisory
Broken Link
VDB Entry
http://www.securityfocus.com/archive/1/441030/100/0/threaded
Third Party Advisory
Broken Link
VDB Entry
http://www.securityfocus.com/bid/18877
Patch
Third Party Advisory
Broken Link
VDB Entry
http://www.ubuntu.com/usn/usn-312-1
Third Party Advisory
http://www.vupen.com/english/advisories/2006/2703
Broken Link
http://www.vupen.com/english/advisories/2006/4634
Broken Link
https://exchange.xforce.ibmcloud.com/vulnerabilities/27687
Third Party Advisory
VDB Entry
https://issues.rpath.com/browse/RPL-522
Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11259
Tool Signature
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5908
Tool Signature