CVE-2006-3404 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2006-3404
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2006-3404

Description: Buffer overflow in the xcf_load_vector function in app/xcf/xcf-load.c for gimp before 2.2.12 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via an XCF file with a large num_axes value in the VECTORS property.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/27687 UBUNTU http://www.ubuntu.com/usn/usn-312-1 SUSE http://www.novell.com/linux/security/advisories/2006_19_sr.html SUNALERT http://sunsolve.sun.com/search/document.do?assetkey=1-66-200070-1 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102720-1 ST 1016527 SAID Secunia Advisory: SA21104 Secunia Advisory: SA21069 Secunia Advisory: SA20979 Secunia Advisory: SA20976 Secunia Advisory: SA21170 Secunia Advisory: SA21182 Secunia Advisory: SA21198 Secunia Advisory: SA23044 Secunia Advisory: SA21459 REDHAT http://www.redhat.com/support/errata/RHSA-2006-0598.html OVAL http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5908 OSVDB 27037 MISC http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=377049 MANDRIVA http://www.mandriva.com/security/advisories?name=MDKSA-2006:127 GENTOO http://security.gentoo.org/glsa/glsa-200607-08.xml DEBIAN http://www.debian.org/security/2006/dsa-1116 CONFIRM http://bugzilla.gnome.org/show_bug.cgi?id=346742 BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/440987/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/441012/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/441030/100/0/threaded BID 18877

Return to the previous page.