CVE-2006-6297

CWE-3994 documents4 sources
Severity
5.0MEDIUM
EPSS
2.6%
top 14.35%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
KDE Kdegraphics
Timeline
PublishedDec 5
Latest updateMay 1

Description

Stack consumption vulnerability in the KFILE JPEG (kfile_jpeg) plugin in kdegraphics 3, as used by konqueror, digikam, and other KDE image browsers, allows remote attackers to cause a denial of service (stack consumption) via a crafted EXIF section in a JPEG file, which results in an infinite recursion.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

NVDkde/kdegraphics3.2, 3.4.3+1

🔴Vulnerability Details

2
GHSA
GHSA-7rv3-2wf3-pj6w: Stack consumption vulnerability in the KFILE JPEG (kfile_jpeg) plugin in kdegraphics 3, as used by konqueror, digikam, and other KDE image browsers, a2022-05-01
CVEList
CVE-2006-6297: Stack consumption vulnerability in the KFILE JPEG (kfile_jpeg) plugin in kdegraphics 3, as used by konqueror, digikam, and other KDE image browsers, a2006-12-05

📋Vendor Advisories

1
Red Hat
CVE-2006-6297: Stack consumption vulnerability in the KFILE JPEG (kfile_jpeg) plugin in kdegraphics 3, as used by konqueror, digikam, and other KDE image browsers, a
CVE-2006-6297 (MEDIUM CVSS 5) | Stack consumption vulnerability in | cvebase.io