Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-2763

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2012-2763
Last Modified 14 May 2013 11:26:48
Published 12 Jul 2012 03:55:06
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2012-2763

Summary

Buffer overflow in the readstr_upto function in plug-ins/script-fu/tinyscheme/scheme.c in GIMP 2.6.12 and earlier, and possibly 2.6.13, allows remote attackers to execute arbitrary code via a long string in a command to the script-fu server.

Vulnerable Systems

Application

  • Gimp 2.2

  • Gimp 2.2.14

  • Gimp 2.4.1

  • Gimp 2.4.2

  • Gimp 2.6.1

  • Gimp 2.6.11

  • Gimp 2.6.12

  • Gimp 2.6.13

  • Gimp 2.6.6

  • Gimp 2.6.7


References

CONFIRM - http://git.gnome.org/browse/gimp/commit/?h=gimp-2-6&id=744f7a4a2b5acb8b531a6f5dd8744ebb95348fc2

CONFIRM - https://bugzilla.gnome.org/show_bug.cgi?id=679215

MISC - http://www.reactionpenetrationtesting.co.uk/advisories/scriptfu-buffer-overflow-GIMP-2.6.html

MLIST - [oss-security] 20120630 Re: ScriptFu Server Buffer Overflow in GIMP <= 2.6

MLIST - [oss-security] 20120530 ScriptFu Server Buffer Overflow in GIMP <= 2.6

SUSE - openSUSE-SU-2012:1080

SUSE - openSUSE-SU-2012:1131

GENTOO - GLSA-201209-23

SECUNIA - 50737

Related Patches

Novell SUSE 2012:6542 gimp security update for SLED 11 SP1 i586

Novell SUSE 2012:6542 gimp security update for SLED 11 SP1 x86_64


Last Updated: 27 May 2016 11:00:28