CVE-2012-0248

MEDIUM

Imagemagick < 6.7.5-7 - Infinite Loop

Title source: rule

Description

ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a denial of service (infinite loop and hang) via a crafted image whose IFD contains IOP tags that all reference the beginning of the IDF.

References (16)

Core 16

Core References

Third Party Advisory vendor-advisory x_refsource_gentoo

http://www.gentoo.org/security/en/glsa/glsa-201203-09.xml

Issue Tracking, Patch, Vendor Advisory x_refsource_confirm

http://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=20286

Broken Link third-party-advisory x_refsource_secunia

http://secunia.com/advisories/49068

Broken Link x_refsource_misc

http://www.cert.fi/en/reports/2012/vulnerability595210.html

Broken Link third-party-advisory x_refsource_secunia

http://secunia.com/advisories/48259

Broken Link third-party-advisory x_refsource_secunia

http://secunia.com/advisories/49043

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/51957

Broken Link third-party-advisory x_refsource_secunia

http://secunia.com/advisories/49063

Third Party Advisory vendor-advisory x_refsource_debian

http://www.debian.org/security/2012/dsa-2427

Third Party Advisory vendor-advisory x_refsource_redhat

http://rhn.redhat.com/errata/RHSA-2012-0544.html

Broken Link third-party-advisory x_refsource_secunia

http://secunia.com/advisories/47926

Third Party Advisory vendor-advisory x_refsource_ubuntu

http://ubuntu.com/usn/usn-1435-1

Broken Link third-party-advisory x_refsource_secunia

http://secunia.com/advisories/48247

Broken Link vdb-entry x_refsource_osvdb

http://www.osvdb.org/79003

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id?1027032

Third Party Advisory vendor-advisory x_refsource_redhat

http://rhn.redhat.com/errata/RHSA-2012-0545.html

Scores

CVSS v3 5.5

EPSS 0.0029

EPSS Percentile 52.1%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Details

CWE

CWE-835

Status published

Products (17)

canonical/ubuntu_linux 10.04

canonical/ubuntu_linux 11.04

canonical/ubuntu_linux 11.10

canonical/ubuntu_linux 12.04

debian/debian_linux 6.0

debian/debian_linux 7.0

imagemagick/imagemagick < 6.7.5-7

redhat/enterprise_linux_desktop 5.0

redhat/enterprise_linux_desktop 6.0

redhat/enterprise_linux_eus 6.2

... and 7 more

Published Jun 05, 2012

Tracked Since Feb 18, 2026