CVE-2012-1798

MEDIUM

Imagemagick < 6.7.6-3 - Out-of-Bounds Read

Title source: rule
STIX 2.1

Description

The TIFFGetEXIFProperties function in coders/tiff.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted EXIF IFD in a TIFF image.

References (13)

Core 13
Core References
Not Applicable third-party-advisory x_refsource_secunia
http://secunia.com/advisories/55035
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/74659
Not Applicable third-party-advisory x_refsource_secunia
http://secunia.com/advisories/49068
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2012-06/msg00001.html
Broken Link vdb-entry x_refsource_osvdb
http://www.osvdb.org/81023
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2012/dsa-2462
Not Applicable third-party-advisory x_refsource_secunia
http://secunia.com/advisories/49063
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/52898
Third Party Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2012-0544.html
Not Applicable third-party-advisory x_refsource_secunia
http://secunia.com/advisories/48974
Not Applicable third-party-advisory x_refsource_secunia
http://secunia.com/advisories/49317
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1027032

Scores

CVSS v3 6.5
EPSS 0.0141
EPSS Percentile 80.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Details

CWE
CWE-125
Status published
Products (11)
debian/debian_linux 6.0
imagemagick/imagemagick < 6.7.6-3
opensuse/opensuse 11.4
opensuse/opensuse 12.1
redhat/enterprise_linux_desktop 6.0
redhat/enterprise_linux_eus 6.2
redhat/enterprise_linux_server 6.0
redhat/enterprise_linux_server_aus 6.2
redhat/enterprise_linux_server_eus 6.2
redhat/enterprise_linux_workstation 6.0
... and 1 more
Published Jun 05, 2012
Tracked Since Feb 18, 2026