Buffer overflow in Gimp
CVE-2012-2763
Buffer overflow in the readstr_upto function in plug-ins/script-fu/tinyscheme/scheme.c in GIMP 2.6.12 and earlier, and possibly 2.6.13, allows remote attackers to execute arbitrary code via a long string in a command to the script-fu serve…
Vulnerability class: Buffer Overflow
EPSS: 0.888 (99.5th percentile) — read the EPSS interpretation.
Affected products
- Gimp
- N/a — versions n/a
Weakness classification (CWE)
Public proof-of-concept exploits
References
- GLSA-201209-23 (vendor-advisory, Third Party Advisory, x_refsource_GENTOO)
- cve@mitre.org (x_refsource_CONFIRM, Exploit, Patch, Vendor Advisory)
- [oss-security] 20120630 Re: ScriptFu Server Buffer Overflow in GIMP <= 2.6 (mailing-list, x_refsource_MLIST, Mailing List, Third Party Advisory)
- openSUSE-SU-2012:1080 (vendor-advisory, Third Party Advisory, x_refsource_SUSE)
- openSUSE-SU-2012:1131 (vendor-advisory, Third Party Advisory, x_refsource_SUSE)
- 50737 (x_refsource_SECUNIA, Broken Link, third-party-advisory)
- cve@mitre.org (x_refsource_CONFIRM, Third Party Advisory, Issue Tracking)
- cve@mitre.org (Third Party Advisory, x_refsource_MISC)
- [oss-security] 20120530 ScriptFu Server Buffer Overflow in GIMP <= 2.6 (mailing-list, x_refsource_MLIST, Mailing List, Third Party Advisory)
Frequently asked questions
- What is CVE-2012-2763?
- CVE-2012-2763 is a vulnerability in Gimp, classified under Buffer Copy without Checking Size of Input (Classic Buffer Overflow). Published 2012-07-12.
- Is CVE-2012-2763 known to be exploited?
- 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.