Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTA-2006-AVI-488
Vulnerability from certfr_avis - Published: - Updated:None
Description
Imlib2 est une bibliothèque de fonctions destinées à manipuler et afficher des images dans différents formats. Certaines applications dépendent de cette bibliothèque de fonction.
Des vulnérabilités affectent cette bibliothèque de fonctions. Elles peuvent être exploitées pour commettre un déni de service et potentiellement compromettre le système au travers des applications qui utilise cette bibliothèque.
Les vulnérabilités sont dûes à des erreurs dans le traitement d'images au format JPG, ARGB, PNG, LBM, PNM, TIFF et TGA.
L'exploitation peut être obtenue par un individu mal intentioné qui serait à même de convaincre une victime d'ouvrir une image astucieusement construite avec une application s'appuyant sur une version vulnérable de la bibliothèque.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Les versions de la bibliothèque de fonctions Imlib2 compilées à partir de sources antérieures à la version 1.2.0-2.2.
Impacted products
| Vendor | Product | Description |
|---|
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cP\u003eLes versions de la biblioth\u00e8que de fonctions \u003cTT\u003eImlib2\u003c/TT\u003e compil\u00e9es \u00e0 partir de sources ant\u00e9rieures \u00e0 la version 1.2.0-2.2.\u003c/P\u003e",
"content": "## Description\n\nImlib2 est une biblioth\u00e8que de fonctions destin\u00e9es \u00e0 manipuler et\nafficher des images dans diff\u00e9rents formats. Certaines applications\nd\u00e9pendent de cette biblioth\u00e8que de fonction.\n\nDes vuln\u00e9rabilit\u00e9s affectent cette biblioth\u00e8que de fonctions. Elles\npeuvent \u00eatre exploit\u00e9es pour commettre un d\u00e9ni de service et\npotentiellement compromettre le syst\u00e8me au travers des applications qui\nutilise cette biblioth\u00e8que.\n\nLes vuln\u00e9rabilit\u00e9s sont d\u00fbes \u00e0 des erreurs dans le traitement d\u0027images\nau format JPG, ARGB, PNG, LBM, PNM, TIFF et TGA.\n\nL\u0027exploitation peut \u00eatre obtenue par un individu mal intention\u00e9 qui\nserait \u00e0 m\u00eame de convaincre une victime d\u0027ouvrir une image\nastucieusement construite avec une application s\u0027appuyant sur une\nversion vuln\u00e9rable de la biblioth\u00e8que.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2006-4806",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-4806"
},
{
"name": "CVE-2006-4809",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-4809"
},
{
"name": "CVE-2006-4807",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-4807"
},
{
"name": "CVE-2006-4808",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-4808"
}
],
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Gentoo GLSA-200612-20 du 20 d\u00e9cembre 2006 :",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200612-20.xml"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-376-1 du 03 novembre 2006 :",
"url": "http://www.ubuntulinux.org/usn/usn-376-1"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 SuSE SUSE-SR:2006:026 du 17 novembre 2006 :",
"url": "http://lists.suse.com/archive/suse-security-announce/2006-Nov/0008.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-376-2 du 03 novembre 2006 :",
"url": "http://www.ubuntulinux.org/usn/usn-376-2"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Mandriva MDKSA-2006:198 du 06 novembre 2006 :",
"url": "http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:198"
}
],
"reference": "CERTA-2006-AVI-488",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2006-11-09T00:00:00.000000"
},
{
"description": "ajout de la r\u00e9f\u00e9rence au bulletin de s\u00e9curit\u00e9 Gentoo.",
"revision_date": "2006-12-21T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "D\u00e9ni de service"
}
],
"summary": null,
"title": "Vuln\u00e9riabilit\u00e9s dans la biblioth\u00e8que imlib2",
"vendor_advisories": [
{
"published_at": null,
"title": "CVE-2006-4806",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-4806"
},
{
"published_at": null,
"title": "CVE-2006-4807",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-4807"
},
{
"published_at": null,
"title": "CVE-2006-4809",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-4809"
},
{
"published_at": null,
"title": "CVE-2006-4808",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-4808"
}
]
}
CVE-2006-4806 (GCVE-0-2006-4806)
Vulnerability from cvelistv5 – Published: 2006-11-07 00:00 – Updated: 2024-08-07 19:23
VLAI?
EPSS
Summary
Multiple integer overflows in imlib2 allow user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) ARGB (loader_argb.c), (2) PNG (loader_png.c), (3) LBM (loader_lbm.c), (4) JPEG (loader_jpeg.c), or (5) TIFF (loader_tiff.c) images.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:23:41.165Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "22932",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22932"
},
{
"name": "MDKSA-2007:156",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:156"
},
{
"name": "22752",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22752"
},
{
"name": "MDKSA-2006:198",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:198"
},
{
"name": "30106",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/30106"
},
{
"name": "30109",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/30109"
},
{
"name": "SUSE-SR:2006:026",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2006_26_sr.html"
},
{
"name": "20903",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/20903"
},
{
"name": "30108",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/30108"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.discontinuity.info/~rowan/pocs/libimlib2_pocs-1.2.0-2.2.tar.gz"
},
{
"name": "30105",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/30105"
},
{
"name": "USN-376-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-376-2"
},
{
"name": "30107",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/30107"
},
{
"name": "GLSA-200612-20",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200612-20.xml"
},
{
"name": "ADV-2006-4349",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/4349"
},
{
"name": "23441",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23441"
},
{
"name": "22732",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22732"
},
{
"name": "22744",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22744"
},
{
"name": "USN-376-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-376-1"
},
{
"name": "imlib2-load-overflow(30064)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30064"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-11-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple integer overflows in imlib2 allow user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) ARGB (loader_argb.c), (2) PNG (loader_png.c), (3) LBM (loader_lbm.c), (4) JPEG (loader_jpeg.c), or (5) TIFF (loader_tiff.c) images."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "22932",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22932"
},
{
"name": "MDKSA-2007:156",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:156"
},
{
"name": "22752",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22752"
},
{
"name": "MDKSA-2006:198",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:198"
},
{
"name": "30106",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/30106"
},
{
"name": "30109",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/30109"
},
{
"name": "SUSE-SR:2006:026",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2006_26_sr.html"
},
{
"name": "20903",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/20903"
},
{
"name": "30108",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/30108"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.discontinuity.info/~rowan/pocs/libimlib2_pocs-1.2.0-2.2.tar.gz"
},
{
"name": "30105",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/30105"
},
{
"name": "USN-376-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-376-2"
},
{
"name": "30107",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/30107"
},
{
"name": "GLSA-200612-20",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200612-20.xml"
},
{
"name": "ADV-2006-4349",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/4349"
},
{
"name": "23441",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23441"
},
{
"name": "22732",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22732"
},
{
"name": "22744",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22744"
},
{
"name": "USN-376-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-376-1"
},
{
"name": "imlib2-load-overflow(30064)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30064"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2006-4806",
"datePublished": "2006-11-07T00:00:00",
"dateReserved": "2006-09-15T00:00:00",
"dateUpdated": "2024-08-07T19:23:41.165Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-4808 (GCVE-0-2006-4808)
Vulnerability from cvelistv5 – Published: 2006-11-07 00:00 – Updated: 2024-08-07 19:23
VLAI?
EPSS
Summary
Heap-based buffer overflow in loader_tga.c in imlib2 before 1.2.1, and possibly other versions, allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TGA image.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:23:41.156Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "imlib2-loadertgac-bo(30068)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30068"
},
{
"name": "22932",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22932"
},
{
"name": "MDKSA-2007:156",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:156"
},
{
"name": "22752",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22752"
},
{
"name": "MDKSA-2006:198",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:198"
},
{
"name": "SUSE-SR:2006:026",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2006_26_sr.html"
},
{
"name": "20903",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/20903"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.discontinuity.info/~rowan/pocs/libimlib2_pocs-1.2.0-2.2.tar.gz"
},
{
"name": "USN-376-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-376-2"
},
{
"name": "GLSA-200612-20",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200612-20.xml"
},
{
"name": "ADV-2006-4349",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/4349"
},
{
"name": "23441",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23441"
},
{
"name": "30103",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/30103"
},
{
"name": "22732",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22732"
},
{
"name": "22744",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22744"
},
{
"name": "USN-376-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-376-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-11-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in loader_tga.c in imlib2 before 1.2.1, and possibly other versions, allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TGA image."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "imlib2-loadertgac-bo(30068)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30068"
},
{
"name": "22932",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22932"
},
{
"name": "MDKSA-2007:156",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:156"
},
{
"name": "22752",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22752"
},
{
"name": "MDKSA-2006:198",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:198"
},
{
"name": "SUSE-SR:2006:026",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2006_26_sr.html"
},
{
"name": "20903",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/20903"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.discontinuity.info/~rowan/pocs/libimlib2_pocs-1.2.0-2.2.tar.gz"
},
{
"name": "USN-376-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-376-2"
},
{
"name": "GLSA-200612-20",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200612-20.xml"
},
{
"name": "ADV-2006-4349",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/4349"
},
{
"name": "23441",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23441"
},
{
"name": "30103",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/30103"
},
{
"name": "22732",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22732"
},
{
"name": "22744",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22744"
},
{
"name": "USN-376-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-376-1"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2006-4808",
"datePublished": "2006-11-07T00:00:00",
"dateReserved": "2006-09-15T00:00:00",
"dateUpdated": "2024-08-07T19:23:41.156Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-4807 (GCVE-0-2006-4807)
Vulnerability from cvelistv5 – Published: 2006-11-07 00:00 – Updated: 2024-08-07 19:23
VLAI?
EPSS
Summary
loader_tga.c in imlib2 before 1.2.1, and possibly other versions, allows user-assisted remote attackers to cause a denial of service (crash) via a crafted TGA image that triggers an out-of-bounds memory read, a different issue than CVE-2006-4808.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:23:41.170Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "22932",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22932"
},
{
"name": "MDKSA-2007:156",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:156"
},
{
"name": "22752",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22752"
},
{
"name": "MDKSA-2006:198",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:198"
},
{
"name": "SUSE-SR:2006:026",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2006_26_sr.html"
},
{
"name": "30102",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/30102"
},
{
"name": "20903",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/20903"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.discontinuity.info/~rowan/pocs/libimlib2_pocs-1.2.0-2.2.tar.gz"
},
{
"name": "USN-376-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-376-2"
},
{
"name": "GLSA-200612-20",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200612-20.xml"
},
{
"name": "ADV-2006-4349",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/4349"
},
{
"name": "imlib2-loadertgac-dos(30066)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30066"
},
{
"name": "23441",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23441"
},
{
"name": "22732",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22732"
},
{
"name": "22744",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22744"
},
{
"name": "USN-376-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-376-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-11-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "loader_tga.c in imlib2 before 1.2.1, and possibly other versions, allows user-assisted remote attackers to cause a denial of service (crash) via a crafted TGA image that triggers an out-of-bounds memory read, a different issue than CVE-2006-4808."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "22932",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22932"
},
{
"name": "MDKSA-2007:156",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:156"
},
{
"name": "22752",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22752"
},
{
"name": "MDKSA-2006:198",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:198"
},
{
"name": "SUSE-SR:2006:026",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2006_26_sr.html"
},
{
"name": "30102",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/30102"
},
{
"name": "20903",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/20903"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.discontinuity.info/~rowan/pocs/libimlib2_pocs-1.2.0-2.2.tar.gz"
},
{
"name": "USN-376-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-376-2"
},
{
"name": "GLSA-200612-20",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200612-20.xml"
},
{
"name": "ADV-2006-4349",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/4349"
},
{
"name": "imlib2-loadertgac-dos(30066)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30066"
},
{
"name": "23441",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23441"
},
{
"name": "22732",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22732"
},
{
"name": "22744",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22744"
},
{
"name": "USN-376-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-376-1"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2006-4807",
"datePublished": "2006-11-07T00:00:00",
"dateReserved": "2006-09-15T00:00:00",
"dateUpdated": "2024-08-07T19:23:41.170Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-4809 (GCVE-0-2006-4809)
Vulnerability from cvelistv5 – Published: 2006-11-07 00:00 – Updated: 2024-08-07 19:23
VLAI?
EPSS
Summary
Stack-based buffer overflow in loader_pnm.c in imlib2 before 1.2.1, and possibly other versions, allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PNM image.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:23:41.124Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "22932",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22932"
},
{
"name": "MDKSA-2007:156",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:156"
},
{
"name": "22752",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22752"
},
{
"name": "imlib2-loaderpnmc-bo(30070)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30070"
},
{
"name": "MDKSA-2006:198",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:198"
},
{
"name": "30104",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/30104"
},
{
"name": "SUSE-SR:2006:026",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2006_26_sr.html"
},
{
"name": "20903",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/20903"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.discontinuity.info/~rowan/pocs/libimlib2_pocs-1.2.0-2.2.tar.gz"
},
{
"name": "USN-376-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-376-2"
},
{
"name": "GLSA-200612-20",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200612-20.xml"
},
{
"name": "ADV-2006-4349",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/4349"
},
{
"name": "23441",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23441"
},
{
"name": "22732",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22732"
},
{
"name": "22744",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22744"
},
{
"name": "USN-376-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-376-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-11-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in loader_pnm.c in imlib2 before 1.2.1, and possibly other versions, allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PNM image."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "22932",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22932"
},
{
"name": "MDKSA-2007:156",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:156"
},
{
"name": "22752",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22752"
},
{
"name": "imlib2-loaderpnmc-bo(30070)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30070"
},
{
"name": "MDKSA-2006:198",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:198"
},
{
"name": "30104",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/30104"
},
{
"name": "SUSE-SR:2006:026",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2006_26_sr.html"
},
{
"name": "20903",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/20903"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.discontinuity.info/~rowan/pocs/libimlib2_pocs-1.2.0-2.2.tar.gz"
},
{
"name": "USN-376-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-376-2"
},
{
"name": "GLSA-200612-20",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200612-20.xml"
},
{
"name": "ADV-2006-4349",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/4349"
},
{
"name": "23441",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23441"
},
{
"name": "22732",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22732"
},
{
"name": "22744",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22744"
},
{
"name": "USN-376-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-376-1"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2006-4809",
"datePublished": "2006-11-07T00:00:00",
"dateReserved": "2006-09-15T00:00:00",
"dateUpdated": "2024-08-07T19:23:41.124Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…