CVE-2012-2763

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 12-07-2012 09:55

Last modified: - 07-02-2022 06:25

Total changes: - 2

Description

Buffer overflow in the readstr_upto function in plug-ins/script-fu/tinyscheme/scheme.c in GIMP 2.6.12 and earlier, and possibly 2.6.13, allows remote attackers to execute arbitrary code via a long string in a command to the script-fu server.

Common Vulnerability Scoring System (CVSS)

AV:N/AC:L/Au:N/C:P/I:P/A:P

Low

Attack complexity

Network

Attack vector

Low

Availability

Low

Confidentiality

Low

Integrity

Privileges required

Scope

User interaction

7.5

Base score

10.0

6.4

Exploitability score

Impact score

Verification logic

vendor=gimp AND product=gimp AND versionEndIncluding=2.6.13

Reference

https://bugzilla.gnome.org/show_bug.cgi?id=679215
[oss-security] 20120630 Re: ScriptFu Server Buffer Overflow in GIMP <= 2.6-Mailing List, Third Party Advisory
[oss-security] 20120530 ScriptFu Server Buffer Overflow in GIMP <= 2.6-Mailing List, Third Party Advisory
http://www.reactionpenetrationtesting.co.uk/advisories/scriptfu-buffer-overflow-GIMP-2.6.html
http://git.gnome.org/browse/gimp/commit/?h=gimp-2-6&id=744f7a4a2b5acb8b531a6f5dd8744ebb95348fc2
openSUSE-SU-2012:1080-Third Party Advisory
openSUSE-SU-2012:1131-Third Party Advisory
50737-Broken Link
GLSA-201209-23-Third Party Advisory

Keywords

CVE-2012-2763

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2012-2763

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures