Skip to main content

Gimp CVE-2012-2763

HIGH
Classic Buffer Overflow (CWE-120)
2012-07-12 cve@mitre.org
7.5
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:L/Au:N/C:P/I:P/A:P
Attack Vector
Network
Attack Complexity
Low
Confidentiality
P
Integrity
P
Availability
P

Lifecycle Timeline

1
CVE Published
Jul 12, 2012 - 19:55 cve.org
HIGH 7.5

DescriptionCVE.org

Buffer overflow in the readstr_upto function in plug-ins/script-fu/tinyscheme/scheme.c in GIMP 2.6.12 and earlier, and possibly 2.6.13, allows remote attackers to execute arbitrary code via a long string in a command to the script-fu server.

AnalysisAI

Buffer overflow in the readstr_upto function in plug-ins/script-fu/tinyscheme/scheme.c in GIMP 2.6.12 and earlier, and possibly 2.6.13, allows remote attackers to execute arbitrary code via a long. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 88.8%.

Technical ContextAI

This vulnerability is classified as Buffer Copy without Size Check (CWE-120), which allows attackers to overflow a buffer to corrupt adjacent memory. Buffer overflow in the readstr_upto function in plug-ins/script-fu/tinyscheme/scheme.c in GIMP 2.6.12 and earlier, and possibly 2.6.13, allows remote attackers to execute arbitrary code via a long string in a command to the script-fu server. Affected products include: Gimp.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Always validate buffer sizes before copy operations. Use bounded functions (strncpy, snprintf). Enable compiler protections.

More in Gimp

View all
CVE-2012-5576 HIGH POC
7.5 Dec 18

Multiple stack-based buffer overflows in file-xwd.c in the X Window Dump (XWD) plug-in in GIMP 2.8.2 allow remote attack

CVE-2017-17789 HIGH POC
7.8 Dec 20

In GIMP 2.8.22, there is a heap-based buffer overflow in read_channel_data in plug-ins/common/file-psp.c. Rated high sev

CVE-2012-3236 MEDIUM POC
4.3 Jul 12

fits-io.c in GIMP before 2.8.1 allows remote attackers to cause a denial of service (NULL pointer dereference and applic

CVE-2022-32990 MEDIUM POC
5.5 Jun 24

An issue in gimp_layer_invalidate_boundary of GNOME GIMP 2.10.30 allows attackers to trigger an unhandled exception via

CVE-2022-30067 MEDIUM POC
5.5 May 17

GIMP 2.10.30 and 2.99.10 are vulnerable to Buffer Overflow. Rated medium severity (CVSS 5.5), this vulnerability is no a

CVE-2018-12713 CRITICAL
9.1 Jun 24

GIMP through 2.10.2 makes g_get_tmp_dir calls to establish temporary filenames, which may result in a filename that alre

CVE-2025-5473 HIGH
8.8 Jun 06

Critical remote code execution vulnerability in GIMP's ICO file parser caused by an integer overflow (CWE-190) that lack

CVE-2026-2044 HIGH
8.8 Feb 20

Remote code execution in GIMP 3.0.6 allows attackers to run arbitrary code by tricking a user into opening a malicious P

CVE-2026-0797 HIGH
8.8 Feb 20

Remote code execution in GIMP 3.2.0-rc1 lets attackers run arbitrary code by tricking a user into opening a malicious IC

CVE-2016-4994 HIGH
7.8 Jul 12

Use-after-free vulnerability in the xcf_load_image function in app/xcf/xcf-load.c in GIMP allows remote attackers to cau

CVE-2026-2050 HIGH
7.8 Jun 24

Arbitrary code execution in GIMP results from a heap-based buffer overflow in the HDR file parser, where attacker-contro

CVE-2025-2760 HIGH
7.8 Apr 23

GIMP XWD File Parsing Integer Overflow Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnera

Share

CVE-2012-2763 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy