Fluid Attacks Database

Description

Buffer overflow in the readstr_upto function in plug-ins/script-fu/tinyscheme/scheme.c in GIMP 2.6.12 and earlier, and possibly 2.6.13, allows remote attackers to execute arbitrary code via a long string in a command to the script-fu server.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 13	gimp	>=0 <2.8.0-1	2.8.0-1
debian 11	gimp	>=0 <2.8.0-1	2.8.0-1
debian 14	gimp	>=0 <2.8.0-1	2.8.0-1
rpm rhel6	gimp	-	-
debian 12	gimp	>=0 <2.8.0-1	2.8.0-1

Aliases

1. CVE-2012-27632. NVD-2012-27633. OSV-DEBIAN-2012-27634. OSV-2012-27635. SECURITY-TRACKER-CVE-2012-2763

References

1. https://www.exploit-db.com/exploits/189732. https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/misc/gimp_script_fu.rb

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.