CVE-2012-2763

GIMP < 2.6.13 - Remote Code Execution via Long String in Script-Fu Server Command

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2012-2763. PoCs published by Metasploit, Joseph Sheridan, Joseph Sheridan, juan vazquez, including Metasploit module exploits/windows/misc/gimp_script_fu.

AI-analyzed exploit summary This Metasploit module exploits a buffer overflow in GIMP's script-fu server (CVE-2012-2763) by sending a crafted packet to achieve remote code execution. It targets specific GIMP versions on Windows and leverages a stack-based overflow to overwrite function pointers.

Description

Buffer overflow in the readstr_upto function in plug-ins/script-fu/tinyscheme/scheme.c in GIMP 2.6.12 and earlier, and possibly 2.6.13, allows remote attackers to execute arbitrary code via a long string in a command to the script-fu server.

Exploits (3)

exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotewindows
https://www.exploit-db.com/exploits/18973

This Metasploit module exploits a buffer overflow in GIMP's script-fu server (CVE-2012-2763) by sending a crafted packet to achieve remote code execution. It targets specific GIMP versions on Windows and leverages a stack-based overflow to overwrite function pointers.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: GIMP <= 2.6.12
No auth needed
Prerequisites: Network access to the script-fu server (port 10008) · Target running vulnerable GIMP version
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC
by Joseph Sheridan · cdoswindows
https://www.exploit-db.com/exploits/18956

This exploit demonstrates a buffer overflow in the script-fu server component of GIMP 2.6, allowing an attacker to overwrite function pointers and potentially execute arbitrary code. The PoC sends a crafted message to the script-fu server, triggering the overflow.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: GIMP <= 2.6
No auth needed
Prerequisites: Network access to the script-fu server · Script-fu server running on the target
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC NORMAL
by Joseph Sheridan, juan vazquez · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/misc/gimp_script_fu.rb

This Metasploit module exploits a buffer overflow in GIMP's script-fu server (CVE-2012-2763) by sending a crafted packet to overwrite function pointers in the .bss section, leading to remote code execution. The exploit targets specific GIMP versions on Windows and includes payload generation and delivery.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: GIMP <= 2.6.12
No auth needed
Prerequisites: Network access to the script-fu server (port 10008) · Target running vulnerable GIMP version
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (9)

Core 9
Core References
Third Party Advisory vendor-advisory x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-201209-23.xml
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2012/07/01/1
Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00000.html
Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2012-09/msg00043.html
Broken Link third-party-advisory x_refsource_secunia
http://secunia.com/advisories/50737
Issue Tracking, Third Party Advisory x_refsource_confirm
https://bugzilla.gnome.org/show_bug.cgi?id=679215
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2012/05/31/1

Scores

EPSS 0.8172
EPSS Percentile 99.6%

Details

CWE
CWE-120
Status published
Products (1)
gimp/gimp < 2.6.13
Published Jul 12, 2012
Tracked Since Feb 18, 2026