GIMP Script-Fu Server Buffer Overflow Vulnerability Network Vulnerability

Summary

This host is running GIMP Script-Fu Server and is prone to buffer overflow vulnerability.

Impact

Successful exploitation will allow attackers to gain control of EIP and potentially execute arbitrary code. Impact Level: System/Application

Solution

Upgrade to GIMP version 2.8.0 or later, For updates refer to http://www.gimp.org/

Insight

The script-fu server process in GIMP fails to handle a specially crafted command input sent to TCP port 10008, which could be exploited by remote attackers to cause a buffer overflow.

Affected

GIMP version 2.6.12 and prior

References

http://packetstormsecurity.org/files/113201/GIMP-script-fu-Server-Buffer-Overflow.html
http://secunia.com/advisories/49314
http://www.exploit-db.com/exploits/18956
http://www.exploit-db.com/exploits/18973
http://www.osvdb.org/82429
http://www.reactionpenetrationtesting.co.uk/advisories/scriptfu-buffer-overflow-GIMP-2.6.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2012-2763

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Apple iTunes '.pls' Files Buffer Overflow Vulnerability
Active Perl 'Perl_repeatcpy()' Function Buffer Overflow Vulnerability (Windows)
BaoFeng Storm ActiveX Control Buffer Overflow Vulnerability
Adobe Reader 'XFDF' File Buffer Overflow Vulnerability (Windows)
ChaSen Buffer Overflow Vulnerability (Linux)

Take action and discover your vulnerabilities