Vulnerability Name:

CVE-2006-4519 (CCN-35308)

Assigned:2006-08-31
Published:2007-07-09
Updated:2022-02-07
Summary:Multiple integer overflows in the image loader plug-ins in GIMP before 2.2.16 allow user-assisted remote attackers to execute arbitrary code via crafted length values in (1) DICOM, (2) PNM, (3) PSD, (4) PSP, (5) Sun RAS, (6) XBM, and (7) XWD files.
CVSS v3 Severity:9.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.0 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
7.6 High (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C)
5.6 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-190
Vulnerability Consequences:Gain Access
References:Source: CONFIRM
Type: Issue Tracking, Third Party Advisory
http://bugzilla.gnome.org/show_bug.cgi?id=451379

Source: MITRE
Type: CNA
CVE-2006-4519

Source: CONFIRM
Type: Broken Link
http://developer.gimp.org/NEWS-2.2

Source: CONFIRM
Type: Broken Link
http://issues.foresightlinux.org/browse/FL-457

Source: IDEFENSE
Type: Broken Link
20070709 Multiple Vendor GIMP Multiple Integer Overflow Vulnerabilities

Source: OSVDB
Type: Broken Link
42139

Source: OSVDB
Type: Broken Link
42140

Source: OSVDB
Type: Broken Link
42141

Source: OSVDB
Type: Broken Link
42142

Source: OSVDB
Type: Broken Link
42143

Source: OSVDB
Type: Broken Link
42144

Source: OSVDB
Type: Broken Link
42145

Source: CCN
Type: RHSA-2007-0513
Moderate: gimp security update

Source: SECUNIA
Type: Broken Link
26132

Source: SECUNIA
Type: Broken Link
26215

Source: SECUNIA
Type: Broken Link
26240

Source: SECUNIA
Type: Broken Link
26575

Source: SECUNIA
Type: Broken Link
26939

Source: GENTOO
Type: Third Party Advisory
GLSA-200707-09

Source: CCN
Type: SECTRACK ID: 1018349
GIMP Integer Overflows in Processing DICOM, PNM, PSD, PSP, Sun RAS, XBM, and XWD Files Lets Remote Users Execute Arbitrary Code

Source: CCN
Type: ASA-2007-457
GIMP security update (RHSA-2007-0513)

Source: DEBIAN
Type: Third Party Advisory
DSA-1335

Source: DEBIAN
Type: DSA-1335
gimp -- several vulnerabilities

Source: CCN
Type: GLSA-200707-09
GIMP: Multiple integer overflows

Source: CCN
Type: GIMP Web site
GIMP - The GNU Image Manipulation Program

Source: MANDRIVA
Type: Broken Link
MDKSA-2007:170

Source: CCN
Type: OSVDB ID: 42139
GIMP DICOM Plugin Crafted Image Length Value Handling Overflow

Source: CCN
Type: OSVDB ID: 42140
GIMP PNM Plugin Crafted Image Length Value Handling Overflow

Source: CCN
Type: OSVDB ID: 42141
GIMP PSD Plugin Crafted Image Length Value Handling Overflow

Source: CCN
Type: OSVDB ID: 42142
GIMP PSP Plugin Crafted Image Length Value Handling Overflow

Source: CCN
Type: OSVDB ID: 42143
GIMP Sun RAS Plugin Crafted Image Length Value Handling Overflow

Source: CCN
Type: OSVDB ID: 42144
GIMP XBM Plugin Crafted Image Length Value Handling Overflow

Source: CCN
Type: OSVDB ID: 42145
GIMP XWD Plugin Crafted Image Length Value Handling Overflow

Source: REDHAT
Type: Third Party Advisory
RHSA-2007:0513

Source: BUGTRAQ
Type: Broken Link, Third Party Advisory, VDB Entry
20070801 FLEA-2007-0038-1 gimp

Source: BID
Type: Third Party Advisory, VDB Entry
24835

Source: CCN
Type: BID-24835
GNU Image Manipulation Program Multiple Integer Overflow Vulnerabilities

Source: SECTRACK
Type: Third Party Advisory, VDB Entry
1018349

Source: CCN
Type: USN-494-1
Gimp vulnerability

Source: UBUNTU
Type: Third Party Advisory
USN-494-1

Source: VUPEN
Type: Broken Link
ADV-2007-2471

Source: XF
Type: Third Party Advisory, VDB Entry
gimp-plugins-code-execution(35308)

Source: XF
Type: UNKNOWN
gimp-plugins-code-execution(35308)

Source: CCN
Type: iDefense Labs PUBLIC ADVISORY: 07.09.07
Multiple Vendor GIMP Multiple Integer Overflow Vulnerabilities

Source: OVAL
Type: Tool Signature
oval:org.mitre.oval:def:10842

Vulnerable Configuration:Configuration 1:
  • cpe:/a:gimp:gimp:*:*:*:*:*:*:*:* (Version < 2.2.16)

    • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:*

    • Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

    • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

    • Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

    • Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

    • Configuration RedHat 6:
  • cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

    • Configuration RedHat 7:
  • cpe:/o:redhat:enterprise_linux:5::client:*:*:*:*:*

    • Configuration RedHat 8:
  • cpe:/o:redhat:enterprise_linux:5::client_workstation:*:*:*:*:*

    • Configuration RedHat 9:
  • cpe:/o:redhat:enterprise_linux:5::server:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:gimp:gimp:2.2.15:*:*:*:*:*:*:*
  • AND
  • cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:ws:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux_advanced_workstation:2.1::itanium:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu:6.06::lts:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2007:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2007::x86_64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0::x86_64:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:client_workstation:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2007.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2008.0::x86-64:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:4.0:*:*:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu:7.04:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:server:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:client:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2007.1::x86-64:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4.5.z::as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4.5.z::es:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20064519
    V
    		CVE-2006-4519
    2015-11-16
    oval:org.mitre.oval:def:19721
    P
    		DSA-1335-1 gimp
    2014-06-23
    oval:org.mitre.oval:def:21780
    P
    		ELSA-2007:0513: gimp security update (Moderate)
    2014-05-26
    oval:org.mitre.oval:def:10842
    V
    		Multiple integer overflows in the image loader plug-ins in GIMP before 2.2.16 allow user-assisted remote attackers to execute arbitrary code via crafted length values in (1) DICOM, (2) PNM, (3) PSD, (4) PSP, (5) Sun RAS, (6) XBM, and (7) XWD files.
    2013-04-29
    oval:com.redhat.rhsa:def:20070513
    P
    		RHSA-2007:0513: gimp security update (Moderate)
    2008-03-20
    oval:org.debian:def:1335
    V
    		several vulnerabilities
    2007-07-18
    BACK
    gimp gimp *
    gimp gimp 2.2.15
    gentoo linux *
    redhat enterprise linux 2.1
    redhat enterprise linux 2.1
    redhat enterprise linux 2.1
    redhat enterprise linux 3
    redhat enterprise linux 3
    redhat enterprise linux 3
    redhat enterprise linux 3
    mandrakesoft mandrake linux corporate server 3.0
    redhat enterprise linux 4
    redhat enterprise linux 4
    redhat enterprise linux 4
    redhat enterprise linux 4
    debian debian linux 3.1
    redhat linux advanced workstation 2.1
    canonical ubuntu 6.06
    mandrakesoft mandrake linux 2007
    mandrakesoft mandrake linux 2007
    mandrakesoft mandrake linux corporate server 3.0
    redhat enterprise linux desktop 5.0
    redhat enterprise linux 5
    redhat enterprise linux 5
    mandrakesoft mandrake linux 2007.1
    mandrakesoft mandrake linux 2008.0
    debian debian linux 4.0
    canonical ubuntu 7.04
    redhat enterprise linux 5
    redhat enterprise linux 5
    mandrakesoft mandrake linux 2007.1
    redhat enterprise linux 4.5.z
    redhat enterprise linux 4.5.z