Title : Gimp "xcf_load_vector()" XCF File Handling Client-Side Buffer Overflow Vulnerability VUPEN ID : VUPEN/ADV-2006-2703 CVE ID : CVE-2006-3404
Rated as : Moderate Risk
Remotely Exploitable : Yes Locally Exploitable : Yes Release Date : 2006-07-07
Technical Description
A vulnerability has been identified in Gimp, which could be exploited by attackers to execute arbitrary commands or cause a denial of service. This flaw is due to a buffer overflow error in the "xcf_load_vector()" [app/xcf/xcf-load.c] function when parsing XCF files with a large "num_axes" value, which could be exploited by attackers to crash a vulnerable application or execute arbitrary code by tricking a user into opening a specially crafted image.
