CVE-2012-0247
HIGHImageMagick < 6.7.5-7 - Remote Code Execution via EXIF ResolutionUnit Tag
Title source: llmDescription
ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via crafted offset and count values in the ResolutionUnit tag in the EXIF IFD0 of an image.
References (15)
Core 15
Core References
Third Party Advisory vendor-advisory
x_refsource_gentoo
http://www.gentoo.org/security/en/glsa/glsa-201203-09.xml
Issue Tracking, Patch, Vendor Advisory x_refsource_confirm
http://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=20286
Broken Link third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/49068
Broken Link x_refsource_misc
http://www.cert.fi/en/reports/2012/vulnerability595210.html
Broken Link third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/48259
Broken Link third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/49043
Broken Link third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/49063
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2012/dsa-2427
Third Party Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2012-0544.html
Broken Link third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/47926
Third Party Advisory vendor-advisory
x_refsource_ubuntu
http://ubuntu.com/usn/usn-1435-1
Broken Link third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/48247
Broken Link vdb-entry
x_refsource_osvdb
http://www.osvdb.org/79003
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1027032
Third Party Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2012-0545.html
Scores
CVSS v3
8.8
EPSS
0.0420
EPSS Percentile
88.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-20
Status
published
Products (17)
canonical/ubuntu_linux
10.04
canonical/ubuntu_linux
11.04
canonical/ubuntu_linux
11.10
canonical/ubuntu_linux
12.04
debian/debian_linux
6.0
debian/debian_linux
7.0
imagemagick/imagemagick
< 6.7.5-7
redhat/enterprise_linux_desktop
5.0
redhat/enterprise_linux_desktop
6.0
redhat/enterprise_linux_eus
6.2
... and 7 more
Published
Jun 05, 2012
Tracked Since
Feb 18, 2026