Your submission was sent successfully! Close

CVE-2012-4245

Published: 31 August 2012

The scriptfu network server in GIMP 2.6 does not require authentication, which allows remote attackers to execute arbitrary commands via the python-fu-eval command.

Notes

AuthorNote
tyhicks
The scriptfu server is not widely used and security is not a part of
the server's design
mdeslaur
The script-fu network server should not be used in untrusted
environments. We are not going to fix this, marking as ignored.
Priority

Low

Status

Package Release Status
gimp
Launchpad, Ubuntu, Debian
hardy Ignored
(reached end-of-life)
lucid Ignored

natty Ignored
(reached end-of-life)
oneiric Ignored

precise Ignored

quantal Not vulnerable
(2.8.0-2ubuntu2)
raring Not vulnerable
(2.8.0-2ubuntu2)
upstream Needs triage