Bug 418425 (CVE-2012-2763) - <media-gfx/gimp-2.6.12-r2: script-fu Buffer Overflow (CVE-2012-2763)
Summary: <media-gfx/gimp-2.6.12-r2: script-fu Buffer Overflow (CVE-2012-2763)
Status: RESOLVED FIXED
Alias: CVE-2012-2763
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL: http://www.reactionpenetrationtesting...
Whiteboard: B2 [glsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2012-05-31 18:39 UTC by the_eccentric
Modified: 2012-09-28 11:43 UTC
CC List: 3 users

See Also:
Package list:
Runtime testing required: ---


Attachments
CVE-2012-2763.diff (gimp-CVE-2012-2763.diff, 711 bytes, patch), 2012-07-06 04:36 UTC, mancha
CVE-2012-2763.diff (gimp-CVE-2012-2763.diff, 711 bytes, patch), 2012-07-06 04:42 UTC, mancha

Description the_eccentric 2012-05-31 18:39:55 UTC
A crafted msg to the script-fu server overflows a buffer and overwrites several function pointers allowing the attacker to gain control of EIP and potentially execute arbitrary code

Reproducible: Always
Comment 1 Tim Sammut (RETIRED) gentoo-dev 2012-06-01 14:57:40 UTC
Hanno or Sebastian, is one of the >=2.8 versions suitable to stabilize?
Comment 2 the_eccentric 2012-06-01 15:14:16 UTC
Not yet, still waiting.
Comment 3 Sebastian Pipping gentoo-dev 2012-06-01 20:45:03 UTC
(In reply to comment #1)
> Hanno or Sebastian, is one of the >=2.8 versions suitable to stabilize?

Hard to say.  2.8 if any but it hasn't been around long.


(In reply to comment #2)
> Not yet, still waiting.

Waiting for what?  Please elaborate.
Comment 4 Tim Sammut (RETIRED) gentoo-dev 2012-06-16 22:53:38 UTC
Hanno or Sebastian, shall we stabilize 2.8.0-r1 now? thanks.
Comment 5 Sebastian Pipping gentoo-dev 2012-06-16 23:36:50 UTC
(In reply to comment #4)
> Hanno or Sebastian, shall we stabilize 2.8.0-r1 now? thanks.

It seems to be working fine, no bugs have been reported recently or at all (ignoring #414653 and #414853 for the moment).  It still feels a bit early but I have no hard objections to it.
Comment 6 Tim Sammut (RETIRED) gentoo-dev 2012-06-16 23:42:16 UTC
(In reply to comment #5)
> It still feels a bit early
> but I have no hard objections to it.

Yeah... How about this? If you see any issues between now and Friday, add them as blockers here, please. Otherwise we'll call arches on Friday.
Comment 7 Sebastian Pipping gentoo-dev 2012-06-20 19:47:32 UTC
(In reply to comment #6)
> Yeah... How about this? If you see any issues between now and Friday, add
> them as blockers here, please. Otherwise we'll call arches on Friday.

Sounds fair.  A build issue just came in, adding #422497.
Comment 8 mancha 2012-07-06 04:36:52 UTC
Created attachment 317388: CVE-2012-2763.diff
Comment 9 mancha 2012-07-06 04:42:10 UTC
Created attachment 317392: CVE-2012-2763.diff

Working with upstream, we identified the code in 2.8 which fixes this buffer overflow vulnerability in the script-fu server.

The attached patch fixes the issue in gimp 2.6.x.
Comment 10 Sebastian Pipping gentoo-dev 2012-07-08 22:57:59 UTC
(In reply to comment #9)
> Created attachment 317392: CVE-2012-2763.diff
> 
> Working with upstream, we identified the code in 2.8 which fixes this buffer
> overflow vulnerability in the script-fu server.
> 
> The attached patch fixes the issue in gimp 2.6.x.

Thanks!


+*gimp-2.6.12-r2 (08 Jul 2012)
+
+  08 Jul 2012; Sebastian Pipping <sping@gentoo.org> +gimp-2.6.12-r2.ebuild,
+  +files/gimp-2.6.12-CVE-2012-2763.patch:
+  Add backport of patch to CVE-2012-2763 by mancha
+


Commit mentioned in the patch:
http://git.gnome.org/browse/gimp/commit/?id=76155d79df8d497d9a5994029247387e222da9e9
Comment 11 Tim Sammut (RETIRED) gentoo-dev 2012-07-10 06:42:48 UTC
Great, thanks! Can we move to stabilize gimp-2.6.12-r2?
Comment 12 Sebastian Pipping gentoo-dev 2012-07-10 17:32:00 UTC
(In reply to comment #11)
> Great, thanks! Can we move to stabilize gimp-2.6.12-r2?

No objections from my side.
Comment 13 Tim Sammut (RETIRED) gentoo-dev 2012-07-10 20:42:15 UTC
Great, thanks. 

Arches, please test and mark stable:
=media-gfx/gimp-2.6.12-r2
Target keywords : "alpha amd64 hppa ia64 ppc ppc64 sparc x86"
Comment 14 Jeff (JD) Horelick (RETIRED) gentoo-dev 2012-07-11 02:09:38 UTC
x86 stable
Comment 15 Richard Freeman gentoo-dev 2012-07-11 12:40:16 UTC
amd64 stable
Comment 16 Jeroen Roovers (RETIRED) gentoo-dev 2012-07-12 00:46:01 UTC
Stable for HPPA.
Comment 17 Raúl Porcel (RETIRED) gentoo-dev 2012-07-14 18:59:46 UTC
alpha/ia64/sparc stable
Comment 18 GLSAMaker/CVETool Bot gentoo-dev 2012-07-17 23:15:48 UTC
CVE-2012-2763 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2763):
  Buffer overflow in the readstr_upto function in
  plug-ins/script-fu/tinyscheme/scheme.c in GIMP 2.6.12 and earlier, and
  possibly 2.6.13, allows remote attackers to execute arbitrary code via a
  long string in a command to the script-fu server.
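The defect the CVE text describes is a reader that copies characters into a fixed buffer until a delimiter appears, never checking the buffer's size. As an added illustration that is not part of this bug report and not GIMP's or tinyscheme's code, the following C shows the bounded form of such a reader; the port_t type, inchar and the two demo functions are constructed for the example.

```c
#include <stdio.h>
#include <string.h>
/* Added example, not GIMP's code. CVE-2012-2763 is described above as an
 * overflow in readstr_upto: characters are copied into a fixed buffer until a
 * delimiter, with no size check. This variant takes the size and fails safely. */

typedef struct { const char *data; size_t pos; } port_t;   /* stands in for the scheme port (assumption) */

static int inchar(port_t *p) {
    int c = (unsigned char)p->data[p->pos];
    if (c == '\0') return EOF;
    p->pos++;
    return c;
}

/* Returns the token length, or -1 if the token would not fit in buf
 * (size counts the NUL). On -1 buf is still NUL-terminated and nothing
 * is ever written beyond buf[size-1]. */
int readstr_upto_bounded(port_t *p, const char *delim, char *buf, size_t size) {
    size_t n = 0;
    if (size == 0) return -1;
    for (;;) {
        int c = inchar(p);
        if (c == EOF || strchr(delim, c) != NULL) break;   /* delimiter ends the token */
        if (n + 1 >= size) { buf[n] = '\0'; return -1; }   /* no room for c plus NUL */
        buf[n++] = (char)c;
    }
    buf[n] = '\0';
    return (int)n;
}

/* Constructed input: an ordinary script-fu token fits and is returned whole. */
int demo_short_token(void) {
    port_t p = { "gimp-quit 0)", 0 };
    char buf[64];
    return readstr_upto_bounded(&p, " )", buf, sizeof buf);   /* 9 */
}

/* Constructed input: a 299-byte token against a 64-byte buffer. Returns 1 when
 * the reader refuses it and a guard byte placed right after the buffer is intact. */
int demo_long_token_rejected(void) {
    char input[300];
    struct { char buf[64]; char guard; } s;
    port_t p = { input, 0 };
    memset(input, 'A', sizeof input - 1);
    input[sizeof input - 1] = '\0';
    s.guard = 0x5a;
    int r = readstr_upto_bounded(&p, " )", s.buf, sizeof s.buf);
    return r == -1 && s.guard == 0x5a && strlen(s.buf) == 63;
}
```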
Comment 19 Brent Baude (RETIRED) gentoo-dev 2012-08-09 18:23:17 UTC
ppc done
Comment 20 Kacper Kowalik (Xarthisius) (RETIRED) gentoo-dev 2012-09-20 11:51:15 UTC
ppc64 stable, last arch done
Comment 21 Sean Amoss (RETIRED) gentoo-dev Security 2012-09-20 12:37:27 UTC
Thanks, everyone.

This is already on a GLSA draft, ready for review.
Comment 22 GLSAMaker/CVETool Bot gentoo-dev 2012-09-28 11:43:23 UTC
This issue was resolved and addressed in
 GLSA 201209-23 at http://security.gentoo.org/glsa/glsa-201209-23.xml
by GLSA coordinator Sean Amoss (ackle).