CVE-2007-2356

Gimp 2.2.14 - Stack-Based Buffer Overflow in SUNRAS Plugin via RAS File

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2007-2356. PoCs published by Kristian Hermansen, Marsu.

AI-analyzed exploit summary This exploit targets a buffer overflow vulnerability in GIMP 2.2.14 by crafting a malicious RAS file that triggers arbitrary code execution via a call to ESP in libgimpcolor-2.0-0.dll. The payload is designed to download and execute a remote file.

Description

Stack-based buffer overflow in the set_color_table function in sunras.c in the SUNRAS plugin in Gimp 2.2.14 allows user-assisted remote attackers to execute arbitrary code via a crafted RAS file.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Kristian Hermansen · clocalwindows_x86

https://www.exploit-db.com/exploits/3888

View Code ZIP pw:eip

This exploit targets a buffer overflow vulnerability in GIMP 2.2.14 by crafting a malicious RAS file that triggers arbitrary code execution via a call to ESP in libgimpcolor-2.0-0.dll. The payload is designed to download and execute a remote file.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: GIMP 2.2.14

No auth needed

Prerequisites: Victim must open the malicious RAS file in GIMP

MITRE ATT&CK

T1203 - Exploitation for Client Execution T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WORKING POC VERIFIED

by Marsu · clocalwindows

https://www.exploit-db.com/exploits/3801

View Code ZIP pw:eip

This exploit targets a buffer overflow vulnerability in the SUNRAS plugin of GIMP v2.2.14, specifically in the `set_color_table` function. It includes shellcode for both launching calc.exe and binding a shell to port 4444.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: GIMP v2.2.14

No auth needed

Prerequisites: Victim must open a maliciously crafted .RAS file

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (27)

Core 27

Core References

Issue Tracking, Third Party Advisory x_refsource_confirm

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=238422

Patch, Third Party Advisory vendor-advisory x_refsource_debian

http://www.debian.org/security/2007/dsa-1301

Third Party Advisory vendor-advisory x_refsource_gentoo

http://security.gentoo.org/glsa/glsa-200705-08.xml

Broken Link third-party-advisory x_refsource_secunia

http://secunia.com/advisories/25573

Broken Link third-party-advisory x_refsource_secunia

http://secunia.com/advisories/25466

Exploit, Patch, Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/23680

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/467231/100/0/threaded

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/33911

Tool Signature vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10054

Broken Link, Third Party Advisory vendor-advisory x_refsource_sunalert

http://sunsolve.sun.com/search/document.do?assetkey=1-66-201320-1

Broken Link third-party-advisory x_refsource_secunia

http://secunia.com/advisories/25359

Broken Link, Vendor Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2007/1560

Patch, Third Party Advisory vendor-advisory x_refsource_redhat

http://www.redhat.com/support/errata/RHSA-2007-0343.html

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id?1018092

Third Party Advisory vendor-advisory x_refsource_suse

http://lists.suse.com/archive/suse-security-announce/2007-May/0005.html

Broken Link third-party-advisory x_refsource_secunia

http://secunia.com/advisories/28114

Broken Link x_refsource_confirm

https://issues.rpath.com/browse/RPL-1318

Broken Link third-party-advisory x_refsource_secunia

http://secunia.com/advisories/25012

Tool Signature vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5960

Third Party Advisory vendor-advisory x_refsource_ubuntu

http://www.ubuntu.com/usn/usn-467-1

Broken Link, Third Party Advisory vendor-advisory x_refsource_sunalert

http://sunsolve.sun.com/search/document.do?assetkey=1-26-103170-1

Broken Link third-party-advisory x_refsource_secunia

http://secunia.com/advisories/25346

Broken Link vendor-advisory x_refsource_mandriva

http://www.mandriva.com/security/advisories?name=MDKSA-2007:108

Broken Link third-party-advisory x_refsource_secunia

http://secunia.com/advisories/25111

Broken Link, Vendor Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2007/4241

Broken Link third-party-advisory x_refsource_secunia

http://secunia.com/advisories/25239

Broken Link third-party-advisory x_refsource_secunia

http://secunia.com/advisories/25167

Scores

EPSS 0.1567

EPSS Percentile 96.4%

Details

CWE

CWE-787

Status published

Products (1)

gimp/gimp 2.2.14

Published Apr 30, 2007

Tracked Since Feb 18, 2026