Fluid Attacks Database

Description

Multiple integer overflows in the image loader plug-ins in GIMP before 2.2.16 allow user-assisted remote attackers to execute arbitrary code via crafted length values in (1) DICOM, (2) PNM, (3) PSD, (4) PSP, (5) Sun RAS, (6) XBM, and (7) XWD files.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 13	gimp	>=0 <2.2.16-1	2.2.16-1
debian 12	gimp	>=0 <2.2.16-1	2.2.16-1
debian 11	gimp	>=0 <2.2.16-1	2.2.16-1
rpm rhel5	gimp	<2:2.2.13-2.0.7.el5	2:2.2.13-2.0.7.el5
debian 14	gimp	>=0 <2.2.16-1	2.2.16-1

Aliases

1. CVE-2006-45192. NVD-2006-45193. OSV-DEBIAN-2006-45194. OSV-2006-45195. SECURITY-TRACKER-CVE-2006-4519

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.