Vulnerability Report

CVE-2006-3404

RCE

Title: Gimp RCE

RCE

Proof Of Concept

No public PoC currently indexed for CVE-2006-3404.

CWE Category CWE-120

Published Date Jul 06, 2006

Modified Date Apr 03, 2025

Exploit Status Not Found

Score 5.1 CVSS v2.0

Exploit Probability (EPSS)

1.91%

Vulnerability Summary

CVE-2006-3404: Buffer overflow in the xcf_load_vector function in app/xcf/xcf-load.c for gimp before 2.2.12 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via an XCF file with a large num_axes value in the VECTORS property.

Impacted Vendors

gimp 1

gnu 1

Reference Links

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=377049 http://bugzilla.gnome.org/show_bug.cgi?id=346742 http://secunia.com/advisories/20976 http://secunia.com/advisories/20979 http://secunia.com/advisories/21069 http://secunia.com/advisories/21104 http://secunia.com/advisories/21170 http://secunia.com/advisories/21182 http://secunia.com/advisories/21198 http://secunia.com/advisories/21459 http://secunia.com/advisories/23044 http://security.gentoo.org/glsa/glsa-200607-08.xml http://securitytracker.com/id?1016527 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102720-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-200070-1 http://www.debian.org/security/2006/dsa-1116 http://www.mandriva.com/security/advisories?name=MDKSA-2006:127 http://www.novell.com/linux/security/advisories/2006_19_sr.html http://www.osvdb.org/27037 http://www.redhat.com/support/errata/RHSA-2006-0598.html http://www.securityfocus.com/archive/1/440987/100/0/threaded http://www.securityfocus.com/archive/1/441012/100/0/threaded http://www.securityfocus.com/archive/1/441030/100/0/threaded http://www.securityfocus.com/bid/18877 http://www.ubuntu.com/usn/usn-312-1 http://www.vupen.com/english/advisories/2006/2703 http://www.vupen.com/english/advisories/2006/4634 https://exchange.xforce.ibmcloud.com/vulnerabilities/27687 https://issues.rpath.com/browse/RPL-522 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11259 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5908 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=377049 http://bugzilla.gnome.org/show_bug.cgi?id=346742 http://secunia.com/advisories/20976 http://secunia.com/advisories/20979 http://secunia.com/advisories/21069 http://secunia.com/advisories/21104 http://secunia.com/advisories/21170 http://secunia.com/advisories/21182 http://secunia.com/advisories/21198 http://secunia.com/advisories/21459 http://secunia.com/advisories/23044 http://security.gentoo.org/glsa/glsa-200607-08.xml http://securitytracker.com/id?1016527 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102720-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-200070-1 http://www.debian.org/security/2006/dsa-1116 http://www.mandriva.com/security/advisories?name=MDKSA-2006:127 http://www.novell.com/linux/security/advisories/2006_19_sr.html http://www.osvdb.org/27037 http://www.redhat.com/support/errata/RHSA-2006-0598.html http://www.securityfocus.com/archive/1/440987/100/0/threaded http://www.securityfocus.com/archive/1/441012/100/0/threaded http://www.securityfocus.com/archive/1/441030/100/0/threaded http://www.securityfocus.com/bid/18877 http://www.ubuntu.com/usn/usn-312-1 http://www.vupen.com/english/advisories/2006/2703 http://www.vupen.com/english/advisories/2006/4634 https://exchange.xforce.ibmcloud.com/vulnerabilities/27687 https://issues.rpath.com/browse/RPL-522 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11259 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5908

CVSS v2.0

Source Entity [email protected]

Severity MEDIUM

5.1

Access Vector

N/A

Authentication

N/A

RAW VECTOR AV:N/AC:H/Au:N/C:P/I:P/A:P

Associated Attack Patterns (CAPEC)

Total: Patterns

CVE-2006-3404 Exploits & PoCs (Proof Of Concept)

No public PoCs found in our database for this CVE.

April 03, 2025 MODIFIED

Vulnerability data or affected products updated.

July 06, 2006 PUBLISHED

Vulnerability first announced in NVD.

Attack Vector Matrix

Access Vector N/A

Complexity N/A

Privileges N/A

Interaction NONE

CVSS Vector String


                                    AV:N/AC:H/Au:N/C:P/I:P/A:P

Affected Stack

No specific products linked.