CVE-2006-4519

NameCVE-2006-4519
DescriptionMultiple integer overflows in the image loader plug-ins in GIMP before 2.2.16 allow user-assisted remote attackers to execute arbitrary code via crafted length values in (1) DICOM, (2) PNM, (3) PSD, (4) PSP, (5) Sun RAS, (6) XBM, and (7) XWD files.
SourceCVE (at NVD; oss-sec, fulldisc, OSVDB, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, more)
ReferencesDSA-1335-1
NVD severitymedium (attack range: remote, user-initiated)
Debian/oldstablenot vulnerable.
Debian/stablenot vulnerable.
Debian/testingnot vulnerable.
Debian/unstablenot vulnerable.

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
gimp (PTS)squeeze (security), squeeze2.6.10-1+squeeze4fixed
wheezy, wheezy (security)2.8.2-2+deb7u1fixed
sid, jessie2.8.14-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
gimpsource(unstable)2.2.16-1medium
gimpsourceetch2.2.13-1etch4mediumDSA-1335-1
gimpsourcesarge2.2.6-1sarge4mediumDSA-1335-1

Notes

Security problems were fixed in 2.2.16, but only 2.2.17 fixes a PSD regression

Search for package or bug name: Reporting problems