Vigil@nce: GIMP, buffer overflow of Script-Fu Server
June 2012 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
When the Script-Fu Server is enabled on GIMP, an attacker can send
a long query, in order to generate a buffer overflow, leading to a
denial of service or to code execution.
– Severity: 2/4
– Creation date: 31/05/2012
IMPACTED PRODUCTS
– GIMP
DESCRIPTION OF THE VULNERABILITY
The Script-Fu server of GIMP lets an external application modify
an image by sending it code written in the Scheme language. This
server listens on port 10008/tcp. It is not enabled by default.
This protocol uses a header composed of:
– the 'G' character
– two bytes indicating the Scheme data size
Then, the Scheme code is sent.
However, if a long Scheme instruction is sent to Script-Fu, a
buffer overflow occurs.
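The defect class described above is a length field that is trusted before the destination buffer is sized. The following parser, added here as an illustration and not GIMP's own code, models the request framing the bulletin describes (a 'G' byte, two bytes of size, then the Scheme text) and refuses any frame whose declared size does not fit the receive buffer. The high-byte-first order of the two size bytes, the 4096-byte cap and the function names are assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed example, not GIMP's own code. Models the Script-Fu request
 * framing from the bulletin: 'G', a two-byte length, then Scheme text.
 * Assumptions: the length is sent high byte first, and SCRIPTFU_MAX_SCRIPT
 * is a hypothetical cap on how much Scheme text a receiver will accept. */

#define SCRIPTFU_MAGIC 'G'
#define SCRIPTFU_MAX_SCRIPT 4096

enum sf_status {
    SF_OK = 0,
    SF_NEED_MORE,   /* header or body not fully received yet */
    SF_BAD_MAGIC,   /* first byte is not 'G' */
    SF_TOO_LONG     /* declared size exceeds the destination buffer or cap */
};

/* Parse one framed request from `in`. On SF_OK the Scheme text is copied
 * into `out` (NUL-terminated), *script_len receives its length and
 * *consumed the number of input bytes used. No byte is copied until the
 * declared length has been checked against `out_cap`; that bound is the
 * check whose absence produces the overflow the bulletin describes. */
enum sf_status sf_parse_request(const uint8_t *in, size_t in_len,
                                char *out, size_t out_cap,
                                size_t *script_len, size_t *consumed)
{
    if (in_len < 3)
        return SF_NEED_MORE;
    if (in[0] != SCRIPTFU_MAGIC)
        return SF_BAD_MAGIC;

    size_t declared = ((size_t)in[1] << 8) | in[2];   /* assumed big-endian */
    if (declared > SCRIPTFU_MAX_SCRIPT || declared + 1 > out_cap)
        return SF_TOO_LONG;
    if (in_len < 3 + declared)
        return SF_NEED_MORE;

    memcpy(out, in + 3, declared);
    out[declared] = '\0';
    *script_len = declared;
    *consumed = 3 + declared;
    return SF_OK;
}

/* Build a frame around `script`; used only to construct sample input. */
size_t sf_build_request(const char *script, uint8_t *frame, size_t frame_cap)
{
    size_t n = strlen(script);
    if (n > 0xFFFF || n + 3 > frame_cap)
        return 0;
    frame[0] = SCRIPTFU_MAGIC;
    frame[1] = (uint8_t)(n >> 8);
    frame[2] = (uint8_t)(n & 0xFF);
    memcpy(frame + 3, script, n);
    return n + 3;
}

int main(void)
{
    uint8_t frame[64];
    char out[64];
    size_t n = 0, used = 0;

    /* Constructed sample request: a harmless one-form Scheme query. */
    size_t flen = sf_build_request("(gimp-version)", frame, sizeof frame);
    enum sf_status st = sf_parse_request(frame, flen, out, sizeof out, &n, &used);
    printf("well-formed frame: status=%d script=\"%s\" len=%zu\n", st, out, n);

    /* A header that declares 65535 bytes for a 64-byte buffer is rejected
     * before any copy, instead of overrunning `out`. */
    uint8_t oversized[3] = { SCRIPTFU_MAGIC, 0xFF, 0xFF };
    st = sf_parse_request(oversized, sizeof oversized, out, sizeof out, &n, &used);
    printf("oversized declared length: status=%d\n", st);
    return 0;
}
```

The receiver should treat SF_TOO_LONG as a protocol violation and close the connection rather than attempt to read the rest of the frame; the declared size is attacker-controlled data and is only meaningful once it has been compared with the buffer that will hold it.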
When the Script-Fu Server is enabled on GIMP, an attacker can
therefore send a long query, in order to generate a buffer
overflow, leading to a denial of service or to code execution.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/GIMP-buffer-overflow-of-Script-Fu-Server-11664