Computer Security
[EN] securityvulns.ru no-pyccku


GIMP script-fu buffer overflow
updated since 03.06.2012
Published:20.08.2012
Source:
SecurityVulns ID:12397
Type:local
Threat Level:
5/10
Description:Buffer overflow on message parsing, shell execution.
Affected:GNU : gimp 2.6
CVE:CVE-2012-4245 (The scriptfu network server in GIMP 2.6 does not require authentication, which allows remote attackers to execute arbitrary commands via the python-fu-eval command.)
 CVE-2012-2763 (Buffer overflow in the readstr_upto function in plug-ins/script-fu/tinyscheme/scheme.c in GIMP 2.6.12 and earlier, and possibly 2.6.13, allows remote attackers to execute arbitrary code via a long string in a command to the script-fu server.)
Original documentdocumentresearch_(at)_reactionis.co.uk, GIMP Scriptfu Python Remote Command Execution (20.08.2012)
 documentJoseph Sheridan, script-fu buffer overflow in GIMP 2.6 (03.06.2012)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod