Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:36A31A80FB4670F74C6CB4522E8DDEF7
HistoryJun 11, 2012 - 12:00 a.m.

GIMP Script-Fu Server Buffer Overflow

2012-06-1100:00:00
SAINT Corporation
my.saintcorporation.com
22

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.969 High

EPSS

Percentile

99.7%

JSON

Added: 06/11/2012
CVE: CVE-2012-2763
BID: 53741
OSVDB: 82429

Background

The GNU Image Manipulation Program (GIMP) is free software for tasks such as photo retouching, image composition, and image authoring.

Problem

The vulnerability is due improper boundary checking within the Script-Fu server process when handling command input. This can be exploited to cause a buffer overflow via a specially crafted packet sent to TCP port 10008. Successful exploitation allows execution of arbitrary code.

Resolution

Upgrade to GIMP 2.8.0 or higher.

References

<http://secunia.com/advisories/49314/&gt;

Limitations

This exploit has been tested against GIMP 2.6.10 on Windows XP SP3 English (DEP OptIn) and Windows 7 SP1 (DEP OptIn).

The Script-Fu server must be started.

Platforms

Windows

Related

ubuntucve 1
openvas 5
saint 3
seebug 2
prion 1
nessus 5
packetstorm 1
exploitpack 1
debiancve 1
cve 1
checkpoint_advisories 1
securityvulns 2
exploitdb 1
suse 1
gentoo 1
ubuntucve
ubuntucve
CVE-2012-2763
2012-07-12 00:00:00
openvas
openvas
GIMP Script-Fu Server Buffer Overflow Vulnerability
2012-06-27 00:00:00
SuSE Update for gimp openSUSE-SU-2012:1080-1 (gimp)
2012-12-13 00:00:00
openSUSE: Security Advisory for gimp (openSUSE-SU-2012:1080-1)
2012-12-13 00:00:00
saint
saint
GIMP Script-Fu Server Buffer Overflow
2012-06-11 00:00:00
GIMP Script-Fu Server Buffer Overflow
2012-06-11 00:00:00
GIMP Script-Fu Server Buffer Overflow
2012-06-11 00:00:00
seebug
seebug
GIMP 2.6 script-fu &lt; 2.8.0 Buffer Overflow Vulnerability
2012-06-01 00:00:00
GIMP 2.6 script-fu < 2.8.0 - Buffer Overflow Vulnerability
2014-07-01 00:00:00
prion
prion
Buffer overflow
2012-07-12 19:55:00
nessus
nessus
Oracle Solaris Third-Party Patch Update : gimp (cve_2012_2763_buffer_overflow)
2015-01-19 00:00:00
SuSE 11.1 Security Update : Gimp (SAT Patch Number 6542)
2013-01-25 00:00:00
openSUSE Security Update : gimp (openSUSE-SU-2012:1131-1)
2014-06-13 00:00:00
packetstorm
packetstorm
GIMP script-fu Server Buffer Overflow
2012-06-02 00:00:00
exploitpack
exploitpack
GIMP 2.6 script-fu 2.8.0 - Buffer Overflow (PoC)
2012-05-31 00:00:00
debiancve
debiancve
CVE-2012-2763
2012-07-12 19:55:00
cve
cve
CVE-2012-2763
2012-07-12 19:55:00
checkpoint_advisories
checkpoint_advisories
Gimp Script-Fu Server Buffer Overflow (CVE-2012-2763)
2012-09-04 00:00:00
securityvulns
securityvulns
script-fu buffer overflow in GIMP 2.6
2012-06-03 00:00:00
GIMP script-fu buffer overflow
2012-08-20 00:00:00
exploitdb
exploitdb
GIMP 2.6 script-fu &lt; 2.8.0 - Buffer Overflow (PoC)
2012-05-31 00:00:00
suse
suse
gimp to fix various issues (important)
2012-09-03 11:09:17
gentoo
gentoo
GIMP: Multiple vulnerabilities
2012-09-28 00:00:00

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.969 High

EPSS

Percentile

99.7%

JSON
Related for SAINT:36A31A80FB4670F74C6CB4522E8DDEF7
ubuntucve1openvas5saint3seebug2prion1nessus5packetstorm1exploitpack1debiancve1cve1checkpoint_advisories1securityvulns2exploitdb1suse1gentoo1