CVE-2012-2763

Published: 12 July 2012

Buffer overflow in the readstr_upto function in plug-ins/script-fu/tinyscheme/scheme.c in GIMP 2.6.12 and earlier, and possibly 2.6.13, allows remote attackers to execute arbitrary code via a long string in a command to the script-fu server.

Priority

Low

Status

Package Release Status
gimp
Launchpad, Ubuntu, Debian
Upstream
Released (2.8.0)

Notes

AuthorNote
tyhicks
The vast majority of gimp installs will not be using the script-fu
network server
mdeslaur
The script-fu network server should not be used in untrusted
environments. We are not going to fix this, marking as ignored.

References