CVE-2006-4519

NameCVE-2006-4519
DescriptionMultiple integer overflows in the image loader plug-ins in GIMP before 2.2.16 allow user-assisted remote attackers to execute arbitrary code via crafted length values in (1) DICOM, (2) PNM, (3) PSD, (4) PSP, (5) Sun RAS, (6) XBM, and (7) XWD files.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
ReferencesDSA-1335-1

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
gimp (PTS)stretch (security), stretch2.8.18-1+deb9u1fixed
buster2.10.8-2fixed
bullseye2.10.22-4fixed
bookworm, sid2.10.30-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
gimpsourcesarge2.2.6-1sarge4DSA-1335-1
gimpsourceetch2.2.13-1etch4DSA-1335-1
gimpsource(unstable)2.2.16-1medium

Notes

Security problems were fixed in 2.2.16, but only 2.2.17 fixes a PSD regression

Search for package or bug name: Reporting problems