CVE-2006-4183

Microsoft DirectX SDK - Heap-Based Buffer Overflow via Crafted Targa File

Title source: llm
STIX 2.1

Description

Heap-based buffer overflow in Microsoft DirectX SDK (February 2006) and probably earlier, including 9.0c End User Runtimes, allows context-dependent attackers to execute arbitrary code via a crafted Targa file with a run-length-encoding (RLE) compression that produces more data than expected when decoding.

References (8)

Core 8
Core References
Third Party Advisory third-party-advisory x_refsource_idefense
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=562
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1018420
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/24963
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/35492
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/26131
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/474058/100/0/threaded
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/2577

Scores

EPSS 0.0816
EPSS Percentile 94.2%

Details

CWE
CWE-119
Status published
Products (1)
microsoft/directx_sdk february_2006
Published Jul 18, 2007
Tracked Since Feb 18, 2026