Vulnerability Name: | CVE-2012-2763 (CCN-75979) | ||||||||||||
Assigned: | 2012-05-31 | ||||||||||||
Published: | 2012-05-31 | ||||||||||||
Updated: | 2022-02-07 | ||||||||||||
Summary: | Buffer overflow in the readstr_upto function in plug-ins/script-fu/tinyscheme/scheme.c in GIMP 2.6.12 and earlier, and possibly 2.6.13, allows remote attackers to execute arbitrary code via a long string in a command to the script-fu server. | ||||||||||||
CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||||||
CVSS v2 Severity: | 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P) 6.2 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:F/RL:OF/RC:C)
6.2 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:F/RL:OF/RC:C)
| ||||||||||||
Vulnerability Type: | CWE-120 | ||||||||||||
Vulnerability Consequences: | Gain Access | ||||||||||||
References: | Source: MITRE Type: CNA CVE-2012-2763 Source: CONFIRM Type: Exploit, Patch, Vendor Advisory http://git.gnome.org/browse/gimp/commit/?h=gimp-2-6&id=744f7a4a2b5acb8b531a6f5dd8744ebb95348fc2 Source: SUSE Type: Third Party Advisory openSUSE-SU-2012:1080 Source: SUSE Type: Third Party Advisory openSUSE-SU-2012:1131 Source: CCN Type: Packetstorm Security Website GIMP 2.6 script-fu Buffer Overflow Source: CCN Type: SA49314 GIMP Script-Fu Server Buffer Overflow Vulnerability Source: SECUNIA Type: Broken Link 50737 Source: CCN Type: SA50744 Oracle Solaris GIMP Script-Fu Server Buffer Overflow Vulnerability Source: GENTOO Type: Third Party Advisory GLSA-201209-23 Source: CCN Type: GIMP Web site GIMP - The GNU Image Manipulation Program Source: MLIST Type: Mailing List, Third Party Advisory [oss-security] 20120530 ScriptFu Server Buffer Overflow in GIMP <= 2.6 Source: MLIST Type: Mailing List, Third Party Advisory [oss-security] 20120630 Re: ScriptFu Server Buffer Overflow in GIMP <= 2.6 Source: CCN Type: OSVDB ID: 82429 GIMP script-fu Server Component Crafted Message Remote Overflow Source: MISC Type: Third Party Advisory http://www.reactionpenetrationtesting.co.uk/advisories/scriptfu-buffer-overflow-GIMP-2.6.html Source: CCN Type: BID-53741 GIMP CVE-2012-2763 Buffer Overflow Vulnerability Source: CCN Type: Oracle Security Blog, Sep 18, 2012 CVE-2012-2763 Buffer overflow vulnerability in Gimp Source: CONFIRM Type: Issue Tracking, Third Party Advisory https://bugzilla.gnome.org/show_bug.cgi?id=679215 Source: XF Type: UNKNOWN gimp-scriptfu-bo(75979) Source: EXPLOIT-DB Type: EXPLOIT Offensive Security Exploit Database [06-02-2012] Source: CCN Type: Rapid7 Vulnerability and Exploit Database [05-30-2018] GIMP script-fu Server Buffer Overflow | ||||||||||||
Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable | ||||||||||||
Oval Definitions | |||||||||||||
| |||||||||||||
BACK |