Lucene search

[email protected]CVE-2006-6297

HistoryDec 05, 2006 - 11:28 a.m.

CVE-2006-6297

2006-12-0511:28:00

CWE-399

[email protected]

web.nvd.nist.gov

cve-2006-6297

stack consumption vulnerability

kfile jpeg

kdegraphics

konqueror

digikam

denial of service

remote attackers

exif section

jpeg file

6.5 Medium

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.038 Low

EPSS

Percentile

91.8%

JSON

Stack consumption vulnerability in the KFILE JPEG (kfile_jpeg) plugin in kdegraphics 3, as used by konqueror, digikam, and other KDE image browsers, allows remote attackers to cause a denial of service (stack consumption) via a crafted EXIF section in a JPEG file, which results in an infinite recursion.

CPENameOperatorVersion
kde:kdegraphicskde kdegraphicseq3.4.3
kde:kdegraphicskde kdegraphicseq3.2

CPE	Name	Operator	Version
kde:kdegraphics	kde kdegraphics	eq	3.4.3
kde:kdegraphics	kde kdegraphics	eq	3.2

References

secunia.com/advisories/23203

secunia.com/advisories/23213

secunia.com/advisories/23300

secunia.com/advisories/23728

security.gentoo.org/glsa/glsa-200701-05.xml

securitytracker.com/id?1017325

www.kde.org/info/security/advisory-20061129-1.txt

www.mandriva.com/security/advisories?name=MDKSA-2006:227

www.novell.com/linux/security/advisories/2006_73_mono.html

www.securityfocus.com/bid/21384

www.vupen.com/english/advisories/2006/4810

6.5 Medium

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.038 Low

EPSS

Percentile

91.8%

JSON

Related for CVE-2006-6297

nessus2 ubuntucve1 gentoo1 securityvulns1 redhatcve1 openvas2 suse1