Vulnerability Report

CVE-2006-4519

RCE

Title: Gimp RCE

Proof Of Concept

No public PoC currently indexed for CVE-2006-4519.

CWE Category CWE-190
Published Date Jul 10, 2007
Modified Date Apr 09, 2025
Exploit Status Not Found
Score 6.8 CVSS v2.0
Exploit Probability (EPSS) 9.26%

Vulnerability Summary

CVE-2006-4519: Multiple integer overflows in the image loader plug-ins in GIMP before 2.2.16 allow user-assisted remote attackers to execute arbitrary code via crafted length values in (1) DICOM, (2) PNM, (3) PSD, (4) PSP, (5) Sun RAS, (6) XBM, and (7) XWD files.

Impacted Vendors

Reference Links

http://bugzilla.gnome.org/show_bug.cgi?id=451379
http://developer.gimp.org/NEWS-2.2
http://issues.foresightlinux.org/browse/FL-457
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=551
http://osvdb.org/42139
http://osvdb.org/42140
http://osvdb.org/42141
http://osvdb.org/42142
http://osvdb.org/42143
http://osvdb.org/42144
http://osvdb.org/42145
http://secunia.com/advisories/26132
http://secunia.com/advisories/26215
http://secunia.com/advisories/26240
http://secunia.com/advisories/26575
http://secunia.com/advisories/26939
http://security.gentoo.org/glsa/glsa-200707-09.xml
http://www.debian.org/security/2007/dsa-1335
http://www.mandriva.com/security/advisories?name=MDKSA-2007:170
http://www.redhat.com/support/errata/RHSA-2007-0513.html
http://www.securityfocus.com/archive/1/475257/100/0/threaded
http://www.securityfocus.com/bid/24835
http://www.securitytracker.com/id?1018349
http://www.ubuntu.com/usn/usn-494-1
http://www.vupen.com/english/advisories/2007/2471
https://exchange.xforce.ibmcloud.com/vulnerabilities/35308
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10842

CVSS v2.0
Source Entity [email protected]
Severity MEDIUM
6.8
Access Vector N/A
Authentication N/A
RAW VECTOR AV:N/AC:M/Au:N/C:P/I:P/A:P

Associated Attack Patterns (CAPEC)

Total: Patterns

CVE-2006-4519 Exploits & PoCs (Proof Of Concept)

No public PoCs found in our database for this CVE.

MODIFIED

Vulnerability data or affected products updated.

PUBLISHED

Vulnerability first announced in NVD.

Attack Vector Matrix

Access Vector N/A
Complexity N/A
Privileges N/A
Interaction NONE
CVSS Vector String AV:N/AC:M/Au:N/C:P/I:P/A:P

Affected Stack

No specific products linked.