7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.969 High
EPSS
Percentile
99.7%
Added: 06/11/2012
CVE: CVE-2012-2763
BID: 53741
OSVDB: 82429
The GNU Image Manipulation Program (GIMP) is free software for tasks such as photo retouching, image composition, and image authoring.
The vulnerability is due improper boundary checking within the Script-Fu server process when handling command input. This can be exploited to cause a buffer overflow via a specially crafted packet sent to TCP port 10008. Successful exploitation allows execution of arbitrary code.
Upgrade to GIMP 2.8.0 or higher.
<http://secunia.com/advisories/49314/>
This exploit has been tested against GIMP 2.6.10 on Windows XP SP3 English (DEP OptIn) and Windows 7 SP1 (DEP OptIn).
The Script-Fu server must be started.
Windows