VDB
CVE-2006-3404
CVE-2006-3404
PUBLISHED
CVSS 9.300000190734863 CRITICAL
Buffer overflow in the xcf_load_vector function in app/xcf/xcf-load.c for gimp before 2.2.12 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via an XCF file with a large num_axes value in the VECTORS property.
EPSS 1.91% · 83.6th percentile
Risk Scores
CVSS 4.0
9.300000190734863
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS Score
1.91%
83.6th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| gimp | gimp | 0 |
Timeline
- Jul 6, 2006 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Apr 3, 2023 EPSS Score
- May 25, 2023 EPSS Score
- Jul 17, 2023 EPSS Score
References
- 1016527 vdb
- 27037 vdb
- 102720 vendor-advisory
- 200070 vendor-advisory
- 20060724 Re: [ GLSA 200607-08 ] GIMP: Buffer overflow mailing-list
- 21182 third-party-advisory
- 20060724 ERRATA: [ GLSA 200607-08 ] GIMP: Buffer overflow mailing-list
- 18877 vdb
- GLSA-200607-08 vendor-advisory
- https://issues.rpath.com/browse/RPL-522 url
- 21459 third-party-advisory
- ADV-2006-2703 vdb
- SUSE-SR:2006:019 vendor-advisory
- RHSA-2006:0598 vendor-advisory
- http://bugzilla.gnome.org/show_bug.cgi?id=346742 url
- ADV-2006-4634 vdb
- 21170 third-party-advisory
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=377049 url
- 23044 third-party-advisory
- DSA-1116 vendor-advisory
…and 12 more