GIMP Script-Fu Server Buffer Overflow Vulnerability Network Vulnerability

Summary

This host is running GIMP Script-Fu Server and is prone to buffer overflow vulnerability.

Impact

Successful exploitation will allow attackers to gain control of EIP and potentially execute arbitrary code. Impact Level: System/Application

Solution

Upgrade to GIMP version 2.8.0 or later, For updates refer to http://www.gimp.org/

Insight

The script-fu server process in GIMP fails to handle a specially crafted command input sent to TCP port 10008, which could be exploited by remote attackers to cause a buffer overflow.

Affected

GIMP version 2.6.12 and prior

References

http://packetstormsecurity.org/files/113201/GIMP-script-fu-Server-Buffer-Overflow.html
http://secunia.com/advisories/49314
http://www.exploit-db.com/exploits/18956
http://www.exploit-db.com/exploits/18973
http://www.osvdb.org/82429
http://www.reactionpenetrationtesting.co.uk/advisories/scriptfu-buffer-overflow-GIMP-2.6.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2012-2763
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Adobe Flash Player Multiple Vulnerabilities - Mar09 (Win)
Adobe Audition '.ses' Multiple Buffer Overflow Vulnerabilities (Windows)
Attachmate Reflection FTP Client LIST Command Remote Heap Buffer Overflow Vulnerability
Adobe Reader/Acrobat Multiple Vulnerabilities - Nov08 (Win)
ALLMediaServer Request Handling Buffer Overflow Vulnerability

Take action and discover your vulnerabilities