CVE-2006-4519

Name: CVE-2006-4519
Creator: NVD / NIST
Published: 2007-07-10T18:30:00+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 5.60%

Last modified Jun 16, 2026

CVE-2006-4519 is a vulnerability of currently unknown severity. Multiple integer overflows in the image loader plug-ins in GIMP before 2.2.16 allow user-assisted remote attackers to execute arbitrary code via crafted length values in (1) DICOM, (2) PNM, (3) PSD, (4) PSP, (5) Sun RAS, (6) XBM, and (7) XWD files.. EPSS estimates a 5.60% chance of exploitation in the next 30 days.

Description

Multiple integer overflows in the image loader plug-ins in GIMP before 2.2.16 allow user-assisted remote attackers to execute arbitrary code via crafted length values in (1) DICOM, (2) PNM, (3) PSD, (4) PSP, (5) Sun RAS, (6) XBM, and (7) XWD files.

Metrics

EPSS Probability

5.60%

91.9th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-190

Affected Software

Vendor	Product	Versions
Gimp	Gimp	< 2.2.16

References

http://bugzilla.gnome.org/show_bug.cgi?id=451379Issue Tracking, Third Party Advisory
http://developer.gimp.org/NEWS-2.2Broken Link
http://issues.foresightlinux.org/browse/FL-457Broken Link
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=551Broken Link
http://osvdb.org/42139Broken Link
http://osvdb.org/42140Broken Link
http://osvdb.org/42141Broken Link
http://osvdb.org/42142Broken Link
http://osvdb.org/42143Broken Link
http://osvdb.org/42144Broken Link
http://osvdb.org/42145Broken Link
http://secunia.com/advisories/26132Broken Link
http://secunia.com/advisories/26215Broken Link
http://secunia.com/advisories/26240Broken Link
http://secunia.com/advisories/26575Broken Link
http://secunia.com/advisories/26939Broken Link
http://security.gentoo.org/glsa/glsa-200707-09.xmlThird Party Advisory
http://www.debian.org/security/2007/dsa-1335Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2007:170Broken Link
http://www.redhat.com/support/errata/RHSA-2007-0513.htmlThird Party Advisory
http://www.securityfocus.com/archive/1/475257/100/0/threadedBroken Link, Third Party Advisory, VDB Entry
http://www.securityfocus.com/bid/24835Third Party Advisory, VDB Entry
http://www.securitytracker.com/id?1018349Third Party Advisory, VDB Entry
http://www.ubuntu.com/usn/usn-494-1Third Party Advisory
http://www.vupen.com/english/advisories/2007/2471Broken Link
https://exchange.xforce.ibmcloud.com/vulnerabilities/35308Third Party Advisory, VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10842Tool Signature
http://bugzilla.gnome.org/show_bug.cgi?id=451379Issue Tracking, Third Party Advisory
http://developer.gimp.org/NEWS-2.2Broken Link
http://issues.foresightlinux.org/browse/FL-457Broken Link
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=551Broken Link
http://osvdb.org/42139Broken Link
http://osvdb.org/42140Broken Link
http://osvdb.org/42141Broken Link
http://osvdb.org/42142Broken Link
http://osvdb.org/42143Broken Link
http://osvdb.org/42144Broken Link
http://osvdb.org/42145Broken Link
http://secunia.com/advisories/26132Broken Link
http://secunia.com/advisories/26215Broken Link
http://secunia.com/advisories/26240Broken Link
http://secunia.com/advisories/26575Broken Link
http://secunia.com/advisories/26939Broken Link
http://security.gentoo.org/glsa/glsa-200707-09.xmlThird Party Advisory
http://www.debian.org/security/2007/dsa-1335Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2007:170Broken Link
http://www.redhat.com/support/errata/RHSA-2007-0513.htmlThird Party Advisory
http://www.securityfocus.com/archive/1/475257/100/0/threadedBroken Link, Third Party Advisory, VDB Entry
http://www.securityfocus.com/bid/24835Third Party Advisory, VDB Entry
http://www.securitytracker.com/id?1018349Third Party Advisory, VDB Entry
http://www.ubuntu.com/usn/usn-494-1Third Party Advisory
http://www.vupen.com/english/advisories/2007/2471Broken Link
https://exchange.xforce.ibmcloud.com/vulnerabilities/35308Third Party Advisory, VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10842Tool Signature

Timeline

Published: Jul 10, 2007
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2006-4519?

How severe is CVE-2006-4519?

Severity scoring for CVE-2006-4519 is pending analysis. The EPSS model estimates a 5.60% probability of exploitation in the next 30 days.

How do I fix CVE-2006-4519?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2006-4519?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST