Home

CVE-2012-4245

Description

The scriptfu network server in GIMP 2.6 does not require authentication, which allows remote attackers to execute arbitrary commands via the python-fu-eval command.

Risk Information

Base Score
9.8
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
1.077

Associated Vulnerability

VulnerabilityOS Platform
Upgrade gimp 2.6.9 to latest versionWindows
Multiple Vulnerabilities are affected in GIMP 2.6.7Windows
Multiple Vulnerabilities are affected in GIMP 2.6.11Windows
Multiple Vulnerabilities are affected in GIMP 2.6.8Windows
Multiple Vulnerabilities are affected in GIMP 2.6.1Windows
Vulnerabilities CVE-2012-2763,CVE-2012-3403,CVE-2012-3481,CVE-2012-4245 are affected in GIMP 2.6.12Windows
Vulnerabilities CVE-2012-2763,CVE-2012-3403,CVE-2012-3481,CVE-2012-4245 are affected in GIMP 2.6.13Windows
Multiple Vulnerabilities are affected in GIMP 2.6.6Windows
Multiple Vulnerabilities are affected in GIMP 2.6.0Windows
Vulnerabilities CVE-2012-3403,CVE-2012-3481,CVE-2012-4245 are affected in GIMP 2.6.10Windows
Multiple Vulnerabilities are affected in GIMP 2.6.2Windows
Multiple Vulnerabilities are affected in GIMP 2.6.3Windows
Multiple Vulnerabilities are affected in GIMP 2.6.4Windows
Multiple Vulnerabilities are affected in GIMP 2.6.5Windows
Multiple Vulnerabilities are affected in GIMP 2.6.9Windows

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-338143GIMP (2.10.38)
PATCH-338143GIMP (2.10.38)
PATCH-338143GIMP (2.10.38)
PATCH-338143GIMP (2.10.38)
PATCH-338143GIMP (2.10.38)
PATCH-338143GIMP (2.10.38)
PATCH-338143GIMP (2.10.38)
PATCH-338143GIMP (2.10.38)
PATCH-338143GIMP (2.10.38)
PATCH-338143GIMP (2.10.38)
PATCH-338143GIMP (2.10.38)
PATCH-338143GIMP (2.10.38)
PATCH-338143GIMP (2.10.38)
PATCH-338143GIMP (2.10.38)
PATCH-338143GIMP (2.10.38)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234