Added: 06/11/2012
CVE: CVE-2012-2763
BID: 53741
OSVDB: 82429
The GNU Image Manipulation Program (GIMP) is free software for tasks such as photo retouching, image composition, and image authoring.
The vulnerability is due improper boundary checking within the Script-Fu server process when handling command input. This can be exploited to cause a buffer overflow via a specially crafted packet sent to TCP port 10008. Successful exploitation allows execution of arbitrary code.
Upgrade to GIMP 2.8.0 or higher.
<http://secunia.com/advisories/49314/>
This exploit has been tested against GIMP 2.6.10 on Windows XP SP3 English (DEP OptIn) and Windows 7 SP1 (DEP OptIn).
The Script-Fu server must be started.
Windows