CVE-2006-4519

Description

Multiple integer overflows in the image loader plug-ins in GIMP before 2.2.16 allow user-assisted remote attackers to execute arbitrary code via crafted length values in (1) DICOM, (2) PNM, (3) PSD, (4) PSP, (5) Sun RAS, (6) XBM, and (7) XWD files.

How to fix CVE-2006-4519

To remediate CVE-2006-4519, upgrade the affected package to a fixed version below.

• Debian/gimp—upgrade to 2.2.16-1 or later
• Debian/gimp—upgrade to 2.2.6-1sarge4 or later

Is CVE-2006-4519 being exploited?

Moderate — EPSS is 9.3%. Track this CVE but it's not at the top of the prioritisation list.

Affected packages (2)

• from 0, < 2.2.16-1
• from 0, < 2.2.6-1sarge4

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2006-4519