CVE-2006-3404

Severity CVSS v4.0:
Pending analysis
Type:
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Publication date:
06/07/2006
Last modified:
03/04/2025

Description

Buffer overflow in the xcf_load_vector function in app/xcf/xcf-load.c for gimp before 2.2.12 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via an XCF file with a large num_axes value in the VECTORS property.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:gimp:gimp:*:*:*:*:*:*:*:* 2.2.12 (excluding)


References to Advisories, Solutions, and Tools