CVE-2006-4519

NameCVE-2006-4519
DescriptionMultiple integer overflows in the image loader plug-ins in GIMP before 2.2.16 allow user-assisted remote attackers to execute arbitrary code via crafted length values in (1) DICOM, (2) PNM, (3) PSD, (4) PSP, (5) Sun RAS, (6) XBM, and (7) XWD files.
SourceCVE (at NVD; LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
ReferencesDSA-1335-1
NVD severitymedium (attack range: remote)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
gimp (PTS)wheezy (security), wheezy2.8.2-2+deb7u1fixed
jessie2.8.14-1fixed
stretch2.8.16-1fixed
sid2.8.16-2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
gimpsource(unstable)2.2.16-1medium
gimpsourceetch2.2.13-1etch4mediumDSA-1335-1
gimpsourcesarge2.2.6-1sarge4mediumDSA-1335-1

Notes

Security problems were fixed in 2.2.16, but only 2.2.17 fixes a PSD regression

Search for package or bug name: Reporting problems