Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:25A0B2323385BBDD074CCCC77AEFD188
HistoryJun 11, 2012 - 12:00 a.m.

GIMP Script-Fu Server Buffer Overflow

2012-06-1100:00:00
SAINT Corporation
download.saintcorporation.com
15

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.967 High

EPSS

Percentile

99.7%

JSON

Added: 06/11/2012
CVE: CVE-2012-2763
BID: 53741
OSVDB: 82429

Background

The GNU Image Manipulation Program (GIMP) is free software for tasks such as photo retouching, image composition, and image authoring.

Problem

The vulnerability is due improper boundary checking within the Script-Fu server process when handling command input. This can be exploited to cause a buffer overflow via a specially crafted packet sent to TCP port 10008. Successful exploitation allows execution of arbitrary code.

Resolution

Upgrade to GIMP 2.8.0 or higher.

References

<http://secunia.com/advisories/49314/&gt;

Limitations

This exploit has been tested against GIMP 2.6.10 on Windows XP SP3 English (DEP OptIn) and Windows 7 SP1 (DEP OptIn).

The Script-Fu server must be started.

Platforms

Windows

Related

saint 3
seebug 2
checkpoint_advisories 1
ubuntucve 1
openvas 5
prion 1
nessus 5
packetstorm 1
exploitpack 1
cve 1
debiancve 1
securityvulns 2
exploitdb 1
suse 1
gentoo 1
saint
saint
GIMP Script-Fu Server Buffer Overflow
2012-06-11 00:00:00
GIMP Script-Fu Server Buffer Overflow
2012-06-11 00:00:00
GIMP Script-Fu Server Buffer Overflow
2012-06-11 00:00:00
seebug
seebug
GIMP 2.6 script-fu &lt; 2.8.0 Buffer Overflow Vulnerability
2012-06-01 00:00:00
GIMP 2.6 script-fu < 2.8.0 - Buffer Overflow Vulnerability
2014-07-01 00:00:00
checkpoint_advisories
checkpoint_advisories
Gimp Script-Fu Server Buffer Overflow (CVE-2012-2763)
2012-09-04 00:00:00
ubuntucve
ubuntucve
CVE-2012-2763
2012-07-12 00:00:00
openvas
openvas
GIMP Script-Fu Server Buffer Overflow Vulnerability
2012-06-27 00:00:00
SuSE Update for gimp openSUSE-SU-2012:1080-1 (gimp)
2012-12-13 00:00:00
openSUSE: Security Advisory for gimp (openSUSE-SU-2012:1080-1)
2012-12-13 00:00:00
prion
prion
Buffer overflow
2012-07-12 19:55:00
nessus
nessus
Oracle Solaris Third-Party Patch Update : gimp (cve_2012_2763_buffer_overflow)
2015-01-19 00:00:00
SuSE 11.1 Security Update : Gimp (SAT Patch Number 6542)
2013-01-25 00:00:00
openSUSE Security Update : gimp (openSUSE-SU-2012:1131-1)
2014-06-13 00:00:00
packetstorm
packetstorm
GIMP script-fu Server Buffer Overflow
2012-06-02 00:00:00
exploitpack
exploitpack
GIMP 2.6 script-fu 2.8.0 - Buffer Overflow (PoC)
2012-05-31 00:00:00
cve
cve
CVE-2012-2763
2012-07-12 19:55:00
debiancve
debiancve
CVE-2012-2763
2012-07-12 19:55:00
securityvulns
securityvulns
script-fu buffer overflow in GIMP 2.6
2012-06-03 00:00:00
GIMP script-fu buffer overflow
2012-08-20 00:00:00
exploitdb
exploitdb
GIMP 2.6 script-fu &lt; 2.8.0 - Buffer Overflow (PoC)
2012-05-31 00:00:00
suse
suse
gimp to fix various issues (important)
2012-09-03 11:09:17
gentoo
gentoo
GIMP: Multiple vulnerabilities
2012-09-28 00:00:00

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.967 High

EPSS

Percentile

99.7%

JSON
Related for SAINT:25A0B2323385BBDD074CCCC77AEFD188
saint3seebug2checkpoint_advisories1ubuntucve1openvas5prion1nessus5packetstorm1exploitpack1cve1debiancve1securityvulns2exploitdb1suse1gentoo1