GIMP Script-Fu Server Buffer Overflow

Added: 06/11/2012
CVE: CVE-2012-2763
BID: 53741
OSVDB: 82429

Background

The GNU Image Manipulation Program (GIMP) is free software for tasks such as photo retouching, image composition, and image authoring.

Problem

The vulnerability is due improper boundary checking within the Script-Fu server process when handling command input. This can be exploited to cause a buffer overflow via a specially crafted packet sent to TCP port 10008. Successful exploitation allows execution of arbitrary code.

Resolution

Upgrade to GIMP 2.8.0 or higher.

References

http://secunia.com/advisories/49314/

Limitations

This exploit has been tested against GIMP 2.6.10 on Windows XP SP3 English (DEP OptIn) and Windows 7 SP1 (DEP OptIn).

The Script-Fu server must be started.

Platforms

Windows

Back to exploit index