CVE-2006-3404
gimp - buffer overflow
EPSS 1.9%
Description
Buffer overflow in the xcf_load_vector function in app/xcf/xcf-load.c for gimp before 2.2.12 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via an XCF file with a large num_axes value in the VECTORS property.
How to fix CVE-2006-3404
To remediate CVE-2006-3404, upgrade the affected package to one of the fixed versions listed below.
- Debian/gimp: upgrade to 2.2.11-3.1 or later
- Debian/gimp: upgrade to 2.2.6-1sarge1 or later
Is CVE-2006-3404 being exploited?
Low — EPSS is 1.9%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- Debian/gimp: from 0, < 2.2.11-3.1
- Debian/gimp: from 0, < 2.2.6-1sarge1