CVE-2006-6297 - Stack consumption vulnerability in the KFILE JPEG (kfile_jpeg) plugin in kdegraphics 3, as used by k

CVE-2006-6297

Summary

Stack consumption vulnerability in the KFILE JPEG (kfile_jpeg) plugin in kdegraphics 3, as used by konqueror, digikam, and other KDE image browsers, allows remote attackers to cause a denial of service (stack consumption) via a crafted EXIF section in a JPEG file, which results in an infinite recursion.

References

Vulnerable Configurations

cpe:2.3:a:kde:kdegraphics:3.2:*:*:*:*:*:*:*
cpe:2.3:a:kde:kdegraphics:3.2:*:*:*:*:*:*:*
cpe:2.3:a:kde:kdegraphics:3.4.3:*:*:*:*:*:*:*
cpe:2.3:a:kde:kdegraphics:3.4.3:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 04-08-2011 - 04:00)
Impact:
Exploitability:

CWE

CWE-399

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:N/I:N/A:P

refmap via4

bid	21384
confirm	http://www.kde.org/info/security/advisory-20061129-1.txt
gentoo	GLSA-200701-05
mandriva	MDKSA-2006:227
sectrack	1017325
secunia	23203 23213 23300 23728
suse	SUSE-SA:2006:073
vupen	ADV-2006-4810

statements via4

contributor	Mark J Cox
lastmodified	2006-12-19
organization	Red Hat
statement	We do not consider a crash of a client application such as Konqueror or other KFile users to be a security issue.

Last major update

04-08-2011 - 04:00

Published

05-12-2006 - 11:28

Last modified

04-08-2011 - 04:00